Congress goes after spyware purveyors. Will it make a difference?

The crackdown on foreign commercial surveillance comes in the wake of high-profile attacks on diplomats and government officials abroad.

The post Congress goes after spyware purveyors. Will it make a difference? appeared first on CyberScoop.

Continue reading Congress goes after spyware purveyors. Will it make a difference?

Apple ramps up war on spyware, a growing digital scourge

An Apple representative said that the company has alerted potential victims of highly targeted mercenary spyware in 150 countries.

The post Apple ramps up war on spyware, a growing digital scourge appeared first on CyberScoop.

Continue reading Apple ramps up war on spyware, a growing digital scourge

Zero-day exploits found and disclosed hit a record high in 2021, Google Project Zero says

There were 58 total. The good news: Detection and disclosure of zero-day exploits have increased, the research team says.

The post Zero-day exploits found and disclosed hit a record high in 2021, Google Project Zero says appeared first on CyberScoop.

Continue reading Zero-day exploits found and disclosed hit a record high in 2021, Google Project Zero says

Report: Research ties Pegasus spyware on phone Jamal Khashoggi’s wife to UAE agents

United Arab Emirates agents loaded Pegasus spyware on the phone of journalist Jamal Khashoggi’s wife months before his death, the Washington Post first reported Tuesday. The software was discovered by Citizen Lab, which examined the device at the request of the newspaper and Khashoggi’s wife, Hanan Elatr. Agents placed the spyware on her phone after seizing her from the Dubai airport in April 2018 and interrogating her, the researchers said. During the interrogations, they seized her two Android phones. Agents typed in a web address that researchers have tied to a network used to spread the spyware. The Post first reported in July that Elatr was targeted by Pegasus spyware via text messages, but researchers couldn’t tell if the hack was successful. It’s unclear if the spyware launched by UAE agents finished installing on the phone, Citizen Lab researcher Bill Marczak told the Post. However, the new findings are the […]

The post Report: Research ties Pegasus spyware on phone Jamal Khashoggi’s wife to UAE agents appeared first on CyberScoop.

Continue reading Report: Research ties Pegasus spyware on phone Jamal Khashoggi’s wife to UAE agents

Meta takes down 7 hacking-for-hire operations that targeted 50,000 users

Meta removed seven “surveillance-for-hire” organizations that used Facebook to target at least 50,000 individuals across 100 countries for surveillance operations, some of which included the deployment of spyware, the company announced in a report Thursday. The operation marked a major step in efforts by the social media company against a sprawling surveillance industry that Facebook security experts warn is becoming more “democratized” and easily accessible to spy on not just high-profile targets, but ordinary users. The company removed hundreds of accounts belonging to firms known as Israeli Cobwebs Technologies, Cognyte, Black Cube, Bluehawk CI, India-based BellTroX, Macedonia-based Cytrox, and an unknown entity in China. Of the seven firms, only Cobwebs and Cognyte did not engage in what it called “exploitation” phase activities, or actually delivering malware to hack victims. Facebook sent cease and desist letters to the six named companies. Facebook has clashed with the growing spyware market for years. […]

The post Meta takes down 7 hacking-for-hire operations that targeted 50,000 users appeared first on CyberScoop.

Continue reading Meta takes down 7 hacking-for-hire operations that targeted 50,000 users

NSO Group’s latest spyware on par with nation-state abilities, researchers say

When Apple announced Nov. 23 that it filed a lawsuit against Israeli spyware firm NSO Group, it claimed that the firm and its clients “devote the immense resources and capabilities of nation-states to conduct highly targeted cyberattacks.” An independent analysis published Wednesday backs that claim up. Google Project Zero researchers Ian Beer and Samuel Groß took a deep dive into FORCEDENTRY, the malware developed by NSO Group that allowed adversaries to infect targeted Apple devices — without the owner’s knowledge — with NSO Group’s Pegasus spyware. The researchers concluded that it’s “one of the most technically sophisticated exploits” they’ve ever seen, rivaling “those previously thought to be accessible to only a handful of nation states.” Previous iterations of the Pegasus software required the victim to click a link in an SMS message. But FORCEDENTRY was an example of NSO Group’s zero-click exploitation technology, where no interaction from the target was […]

The post NSO Group’s latest spyware on par with nation-state abilities, researchers say appeared first on CyberScoop.

Continue reading NSO Group’s latest spyware on par with nation-state abilities, researchers say

NSO Group tech reportedly used to hack US officials’ iPhones

Nearly a dozen iPhones associated with U.S. State Department employees were hacked using spyware developed by Israel-based NSO Group, Reuters first reported Friday. The attacks were carried out in the last several months by an unknown assailant on U.S. officials either based in Uganda or focused on the country, sources told Reuters. The Washington Post and CNN also confirmed the intrusions. Previous reporting on NSO Group suggested that U.S. officials’ phones may have been targeted using software developed by NSO Group, but Friday’s report is the first to confirm successful breaches. As many as 11 U.S. diplomats received notices from Apple that they may have been targeted with the spyware, the Post reported. Apple began notifying potential targets around the world that they may have been targeted by the NSO Group software on Nov. 23, the same day the tech firm announced a lawsuit against NSO Group for allegedly violating […]

The post NSO Group tech reportedly used to hack US officials’ iPhones appeared first on CyberScoop.

Continue reading NSO Group tech reportedly used to hack US officials’ iPhones

Apple alerts journalists, activists about state-sponsored hacking attempts after NSO Group suit

On the same day Apple announced a lawsuit against Israeli spyware vendor NSO Group for developing hacking tools to help breach iOS technology, the company was notifying potential targets of those exploits. El Faro, a news organization in San Salvador, El Salvador, reported late Tuesday that 12 of its staff members received notices from the company, which warned that that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID.” The company also sent notices to four others in San Salvador who are “leaders of Civil Society organizations and opposition political parties,” the news organization reported. Notices were also sent to six Thai activists and researchers critical of the government there, Reuters reported. NSO Group develops software designed to allow access to target devices through various bugs in Apple’s technology. A company spokesperson told CyberScoop Tuesday that its […]

The post Apple alerts journalists, activists about state-sponsored hacking attempts after NSO Group suit appeared first on CyberScoop.

Continue reading Apple alerts journalists, activists about state-sponsored hacking attempts after NSO Group suit

Apple sues NSO Group, spyware vendor known for helping governments hack critics

Apple is suing Israeli spyware vendor NSO Group “to hold it accountable for the surveillance and targeting of Apple users,” the company announced Tuesday. The technology company is seeking to permanently ban NSO Group from using any Apple software, services or devices amid reports that the firm sells technology that makes it possible for governments to hack individual devices to spy on journalists, dissidents and human rights activists. As part of those efforts NSO Group has developed exploits capable of subverting Apple’s security controls, requiring “thousands of hours to investigate the attacks, identify the harm, diagnose the extent of the impact and exploitation, and develop and deploy the necessary repairs and patches to ensure that Apple servers,” the suit says.  NSO Group did not immediately respond to a request for comment on Tuesday. “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” […]

The post Apple sues NSO Group, spyware vendor known for helping governments hack critics appeared first on CyberScoop.

Continue reading Apple sues NSO Group, spyware vendor known for helping governments hack critics