Cherie Blair and the Dubai ruler who spied on his ex-wife’s phone with Pegasus spyware

The UK High Court has determined that the ruler of Dubai, Sheikh Mohammed Al Maktoum, had his ex-wife’s smartphone hacked with the notorious Pegasus spyware, sold by the equally notorious NSO Group.

But what I find particularly fascinating is who bl… Continue reading Cherie Blair and the Dubai ruler who spied on his ex-wife’s phone with Pegasus spyware

Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords

Fraudsters are posing as human rights group Amnesty International to trick individuals into downloading malicious software, researchers at Cisco’s threat intelligence unit Talos report. Masquerading as the human rights group, hackers registered multiple domains using variations on the Amnesty name to advertise a demo for “Amnesty Anti Pegasus” software that could allegedly scan devices for the NSO Group spyware, which Amnesty has closely examined. The malware had a realistic-looking “Anti Pegasus” user interface. In fact, victims downloaded Sarwent, a malicious software that gives attackers a backdoor to a victim’s machine. Hackers can use that access to download and execute other malicious tools as well as exfiltrate data such as passwords. The campaign preys on growing concerns around the threat of spyware. Human rights advocates have long criticized the NSO Group for the use of its technology by governments to spy on activists, dissidents and journalists. A sweeping July report by […]

The post Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords appeared first on CyberScoop.

Continue reading Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords

Smashing Security podcast #243: Breaking news, Apple zero-clicks, and bad blood

A Walmart press release says it’s jumping aboard the cryptocurrency bus – but is it true? Theranos’s Elizabeth Holmes goes on trial, and have you updated your Apple gadgets to protect against the latest NSO Group spyware attack?

All this and much mo… Continue reading Smashing Security podcast #243: Breaking news, Apple zero-clicks, and bad blood

UN calls for human rights safeguards on artificial intelligence

The United Nations’ top human rights official Wednesday called for a global moratorium on the sale and use of artificial intelligence systems that pose human rights concerns until safeguards are put in place. “We cannot afford to continue playing catch-up regarding AI – allowing its use with limited or no boundaries or oversight, and dealing with the almost inevitable human rights consequences after the fact,” U.N. High Commissioner for Human Rights Michelle Bachelet said alongside the release of a report on the emerging technology. “The power of AI to serve people is undeniable, but so is AI’s ability to feed human rights violations at an enormous scale with virtually no visibility.” The U.N. did not list specific AI tools that governments should ban. Instead, the report points to a number of ways the technology is used in decision-making that can have life-altering consequences, including the rise in the use of […]

The post UN calls for human rights safeguards on artificial intelligence appeared first on CyberScoop.

Continue reading UN calls for human rights safeguards on artificial intelligence

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)

Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in attacks in the wild. About the vulnerabilities (CVE-2021-30860, CVE-2021-30858) A… Continue reading Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)

Apple patches against alleged NSO Group zero-click exploit used on activists

Apple released a patch Monday against two security vulnerabilities, one of which the Israeli surveillance company NSO Group has exploited, according to researchers. The updated iOS software patches against a zero-click exploit that uses iMessage to launch malicious code, which in turn allows NSO Group clients to infiltrate targets — including the phone of a Saudi activist in March, researchers at Citizen Lab said. The exploit uses a manipulated gif to crash Apple’s image rendering library. It then launches spyware that researchers say shares distinct features with NSO Group’s Pegasus spyware. Researchers have named the exploit “FORCEDENTRY.” Zero-click exploits prove especially dangerous because they don’t require users to open the malicious message or link for hackers to gain access to your phone. Researchers are urging Apple Mac, iPhone and Apple Watch users to immediately update their iOS software. The NSO Group exploit was a zero-day, or previously unknown, vulnerability. It’s […]

The post Apple patches against alleged NSO Group zero-click exploit used on activists appeared first on CyberScoop.

Continue reading Apple patches against alleged NSO Group zero-click exploit used on activists

Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says

Government hackers used NSO Group surveillance technology to infiltrate the phones of nine Bahraini activists, according to a new report from Citizen Lab. The victims included a blogger, activist, members of political organization Waad and members of the Bahrain Center for Human Rights. Five of the targets identified by Citizen Lab, an internet watchdog from from the University of Toronto, were listed on a list of individuals obtained by Amnesty International as a part of its “Pegasus Project” investigation. The list is believed to comprise potential targets of NSO Group’s customers. Hackers used fake texts that linked out to malicious software as well as “zero-click” attacks, which do not require any user interaction. Researchers found that attackers successfully exploited the most recent versions of Apple iOS, circumventing protections introduced by the company in January to protect users against such attacks. Amnesty Tech has also reported zero-click exploits successfully exploiting iOS […]

The post Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says appeared first on CyberScoop.

Continue reading Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says

UN experts join growing calls for moratorium on surveillance technology

United Nations experts on Thursday called for a halt to the sale and transfer of surveillance technology until countries introduce a regulatory framework to address the human rights impact of its abuse. “It is highly dangerous and irresponsible to allow the surveillance technology and trade sector to operate as a human rights-free zone,” the experts warned. The statement specifically singles out the Israeli spyware company NSO Group, which has been condemned for years by privacy advocates for aiding authoritarian regimes in tracking and intimidating journalists, human rights advocates and dissidents. The call for action follows a report from Amnesty International that the company’s Pegasus spyware was more widely used than previously thought. Between July 2014 and July 2021, the NSO group’s Pegasus software was used to target more than three dozen smartphones belonging to journalists, human rights activists and business executives, according to a Amnesty’s investigation with the French journalism nonprofit […]

The post UN experts join growing calls for moratorium on surveillance technology appeared first on CyberScoop.

Continue reading UN experts join growing calls for moratorium on surveillance technology

Apple patches zero-day flaw that hackers may have exploited

Apple has released updates for its mobile, iPad and computer operating systems, fixing a zero-day flaw that appears to be the subject of active exploitation. The patch comes mere days after another update that tackled 40 vulnerabilities. The latest software update comes in the wake of reports that the Israeli spyware firm NSO Group had developed a hacking tool that helps its customers remotely compromise iOS systems. Whether the patch address those technical issues was not immediately clear. Apple did not immediately respond to a request for comment. The prior Apple update did not address the NSO Group exploits. The iOS 14.7.1, iPadOS 14.7.1 and Big Sur 11.5.1 patch notes are likewise mum, other than to say that an anonymous researcher brought the vulnerability to Apple’s attention. The issue involved improper access to kernel mode, which a hacker could have abused to access the underlying hardware on a device, and […]

The post Apple patches zero-day flaw that hackers may have exploited appeared first on CyberScoop.

Continue reading Apple patches zero-day flaw that hackers may have exploited