Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users

Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users.

Facebook filed a lawsuit against Israeli mobile surveillance firm NSO G… Continue reading Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users

Facebook sues NSO Group for alleged WhatsApp hack

Facebook, which owns the popular messaging application WhatsApp, has sued software surveillance vendor NSO Group, alleging that the Israeli company violated a federal anti-hacking law. The lawsuit filed in a federal court Tuesday alleges that NSO Group violated the Computer Fraud and Abuse Act when NSO’s custom malware was deployed on some 1,400 mobile devices with WhatsApp installed during a sweeping attack in April and May. At least 100 human rights advocates, journalists, and other members of civil society around the world were targeted in the attack, according to WhatsApp. WhatsApp’s investigation traced user accounts used by the attackers back to NSO Group, and uncovered computer servers that were previously associated with the Israeli vendor, according to Will Cathcart, head of WhatsApp. “This should serve as a wake-up call for technology companies, governments and all internet users,” Cathcart wrote in an op-ed for The Washington Post. “Tools that enable surveillance into our private […]

The post Facebook sues NSO Group for alleged WhatsApp hack appeared first on CyberScoop.

Continue reading Facebook sues NSO Group for alleged WhatsApp hack

NSO Group’s Pegasus spyware detected in attacks against Moroccan journalist, activist

Hackers potentially working on behalf of a foreign government have targeted Moroccan human rights advocates with malicious software built by NSO Group, a controversial spyware vendor, according to Amnesty International. Since 2017, journalist Maati Monib and Abdessadak El Bouchattaoui, an attorney who has protested the Moroccan government’s security forces, repeatedly have received SMS messages containing malicious links that, if clicked, would install the Pegasus malware, Amnesty found. It’s the latest allegation that NSO Group provided Pegasus to a customer that used it for more than combating terrorism and crime. The software allows attackers to take almost total control of an affected phone. Human Rights Watch has documented a list of government efforts to obstruct reform in Morocco, including prison sentences for people who have “harmed” the monarchy there or insulted Islam. El Bouchattaoui, one of the activists whose experience was detailed by Amnesty, was sentenced to two years in prison for […]

The post NSO Group’s Pegasus spyware detected in attacks against Moroccan journalist, activist appeared first on CyberScoop.

Continue reading NSO Group’s Pegasus spyware detected in attacks against Moroccan journalist, activist

Android Zero-Day Panic as Ancient Linux Flaw Forgotten

A bunch of fairly recent Android phones suffer from a nasty zero-day vulnerability. The flaw is currently being exploited, but by whom?
The post Android Zero-Day Panic as Ancient Linux Flaw Forgotten appeared first on Security Boulevard.
Continue reading Android Zero-Day Panic as Ancient Linux Flaw Forgotten

Google Warns of Android Zero-Day Bug Under Active Attack

Flaw impacts 18 Android models including Google’s flagship Pixel handset as well as phones made by Samsung, Huawei and Xiaomi. Continue reading Google Warns of Android Zero-Day Bug Under Active Attack

The developers of the notorious FinSpy spyware are innovating — and thriving

Like any competitive company, a spyware vendor has to innovate when its proprietary data is exposed or stolen. For Gamma Group, the maker of the notorious FinSpy spyware, the definitive moment came in 2014, when it was hacked and information about its software and clients was dumped online. Since then, FinSpy’s authors have revamped big portions of the software, improving the encryption and making the code harder for analysts to parse, according to new research from Kaspersky Lab. The updated spyware implants for iOS and Android have been used in nearly 20 countries in the last year or so across Asia, Europe, and the Middle East, the researchers said Wednesday. In Myanmar, an ongoing campaign has infected several dozen phones. The researchers suspect there are many more victims out there, given how popular FinSpy has been with government clients. “The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly […]

The post The developers of the notorious FinSpy spyware are innovating — and thriving appeared first on CyberScoop.

Continue reading The developers of the notorious FinSpy spyware are innovating — and thriving

Rights groups probe investments in NSO Group’s private equity firm

Since a February shakeup of the management structure of Israeli spyware vendor NSO Group, whose software has allegedly been used to target journalists and other civilians, human rights activists have stepped up their scrutiny of the vendor’s new private equity firm. The probing of London-based Novalpina Capital, which now controls the NSO Group board, is an effort to highlight what critics say is a failure by NSO Group and its investors to prevent the abuse of the company’s mobile-phone hacking tools. Now, the inquiry is drawing attention to the unexpected role that pension funds in the U.S. and the UK are playing in the standoff between the Israeli vendor and digital rights groups like Amnesty International and Citizen Lab, a research center at University of Toronto’s Munk School. In a letter last week to Britain’s South Yorkshire Pensions Authority (SYPA), Citizen Lab Director Ron Deibert asked the pension fund to take a hard look […]

The post Rights groups probe investments in NSO Group’s private equity firm appeared first on CyberScoop.

Continue reading Rights groups probe investments in NSO Group’s private equity firm

Stop demonizing encryption

The security industry has more than its fair share of buzzwords and gimmicks. End-to-end encryption is not one of them. The recent discovery of a vulnerability in WhatsApp has instigated discussions and spawned hot takes surrounding spyware and export controls, with some declaring that end-to-end encryption is ineffective. With this particular vulnerability, spyware created by the NSO Group could be uploaded onto a phone through a series of malicious data packets sent via VoIP calls. This enabled access to the content and data on a targeted phone. While this particular vulnerability may prompt concerns over WhatsApp’s overall security (a patch has since been released), it does not negate the value of end-to-end encryption. Furthermore, the current negativity toward encryption perpetuates misinformation and provides fodder for governments seeking to undermine security and privacy across the globe. Yes, end-to-end encryption alone is not sufficient for complete security and privacy across every attack […]

The post Stop demonizing encryption appeared first on CyberScoop.

Continue reading Stop demonizing encryption