Apple patches against alleged NSO Group zero-click exploit used on activists

Apple released a patch Monday against two security vulnerabilities, one of which the Israeli surveillance company NSO Group has exploited, according to researchers. The updated iOS software patches against a zero-click exploit that uses iMessage to launch malicious code, which in turn allows NSO Group clients to infiltrate targets — including the phone of a Saudi activist in March, researchers at Citizen Lab said. The exploit uses a manipulated gif to crash Apple’s image rendering library. It then launches spyware that researchers say shares distinct features with NSO Group’s Pegasus spyware. Researchers have named the exploit “FORCEDENTRY.” Zero-click exploits prove especially dangerous because they don’t require users to open the malicious message or link for hackers to gain access to your phone. Researchers are urging Apple Mac, iPhone and Apple Watch users to immediately update their iOS software. The NSO Group exploit was a zero-day, or previously unknown, vulnerability. It’s […]

The post Apple patches against alleged NSO Group zero-click exploit used on activists appeared first on CyberScoop.

Continue reading Apple patches against alleged NSO Group zero-click exploit used on activists

Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says

Government hackers used NSO Group surveillance technology to infiltrate the phones of nine Bahraini activists, according to a new report from Citizen Lab. The victims included a blogger, activist, members of political organization Waad and members of the Bahrain Center for Human Rights. Five of the targets identified by Citizen Lab, an internet watchdog from from the University of Toronto, were listed on a list of individuals obtained by Amnesty International as a part of its “Pegasus Project” investigation. The list is believed to comprise potential targets of NSO Group’s customers. Hackers used fake texts that linked out to malicious software as well as “zero-click” attacks, which do not require any user interaction. Researchers found that attackers successfully exploited the most recent versions of Apple iOS, circumventing protections introduced by the company in January to protect users against such attacks. Amnesty Tech has also reported zero-click exploits successfully exploiting iOS […]

The post Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says appeared first on CyberScoop.

Continue reading Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says

UN experts join growing calls for moratorium on surveillance technology

United Nations experts on Thursday called for a halt to the sale and transfer of surveillance technology until countries introduce a regulatory framework to address the human rights impact of its abuse. “It is highly dangerous and irresponsible to allow the surveillance technology and trade sector to operate as a human rights-free zone,” the experts warned. The statement specifically singles out the Israeli spyware company NSO Group, which has been condemned for years by privacy advocates for aiding authoritarian regimes in tracking and intimidating journalists, human rights advocates and dissidents. The call for action follows a report from Amnesty International that the company’s Pegasus spyware was more widely used than previously thought. Between July 2014 and July 2021, the NSO group’s Pegasus software was used to target more than three dozen smartphones belonging to journalists, human rights activists and business executives, according to a Amnesty’s investigation with the French journalism nonprofit […]

The post UN experts join growing calls for moratorium on surveillance technology appeared first on CyberScoop.

Continue reading UN experts join growing calls for moratorium on surveillance technology

Apple patches zero-day flaw that hackers may have exploited

Apple has released updates for its mobile, iPad and computer operating systems, fixing a zero-day flaw that appears to be the subject of active exploitation. The patch comes mere days after another update that tackled 40 vulnerabilities. The latest software update comes in the wake of reports that the Israeli spyware firm NSO Group had developed a hacking tool that helps its customers remotely compromise iOS systems. Whether the patch address those technical issues was not immediately clear. Apple did not immediately respond to a request for comment. The prior Apple update did not address the NSO Group exploits. The iOS 14.7.1, iPadOS 14.7.1 and Big Sur 11.5.1 patch notes are likewise mum, other than to say that an anonymous researcher brought the vulnerability to Apple’s attention. The issue involved improper access to kernel mode, which a hacker could have abused to access the underlying hardware on a device, and […]

The post Apple patches zero-day flaw that hackers may have exploited appeared first on CyberScoop.

Continue reading Apple patches zero-day flaw that hackers may have exploited

Pegasus Spyware is Back, Twitter Hacker Arrested, 16 Year Old Printer Bug

Pegasus spyware and NSO Group are back in the news because of a data leak of 50,000 phone numbers, another “hacker” was arrested for the great Twitter hack of 2020, and how a 16 year old printer vulnerability is affecting millions of HP, Samsung, and X… Continue reading Pegasus Spyware is Back, Twitter Hacker Arrested, 16 Year Old Printer Bug

Smashing Security podcast #237: NuNa, NuNu, NaNa

Spy software known as Pegasus has been used to carry out surveillance on the smartphones of journalists, activists, and political leaders. Can a “Freedom Phone” be trusted? And a ransomware-hit law firm demonstrates how not to keep its cust… Continue reading Smashing Security podcast #237: NuNa, NuNu, NaNa

Apple’s Insecure iPhone Lets NSO Hack Journalists (Again)

Yet another zero-day bug in iOS has allowed notorious spyware vendor NSO Group to break into the iPhones of journalists and activists.
The post Apple’s Insecure iPhone Lets NSO Hack Journalists (Again) appeared first on Security Boulevard.
Continue reading Apple’s Insecure iPhone Lets NSO Hack Journalists (Again)

Sweeping report details how NSO Group spyware leverages iOS software for surveillance

NSO Group’s Pegasus spyware may be actively exploiting the most recent software in the iPhone 12 to monitor victims through the world, according to a sweeping new report from Amnesty International. “These most recent discoveries indicate NSO Group’s customers are currently able to remotely compromise all recent iPhone models and versions of iOS,” the group wrote in a report published on July 18. “We have reported this information to Apple, who informed us they are investigating the matter.” The revelation comes as part of a broader investigation into the use of the notorious spyware. Between July 2014 and July 2021, the NSO group’s Pegasus software was used to target more than three dozen smartphones belonging to journalists, human rights activists and business executives, according to a joint investigation between Amnesty, French journalism nonprofit Forbidden Stories and 17 media organizations including The Washington Post. Targets included Hatice Cengiz, fiancee of murdered […]

The post Sweeping report details how NSO Group spyware leverages iOS software for surveillance appeared first on CyberScoop.

Continue reading Sweeping report details how NSO Group spyware leverages iOS software for surveillance

Tech titans throw weight behind WhatsApp allegations in NSO surveillance lawsuit

Facebook’s lawsuit against Israeli software surveillance firm NSO Group just got a big boost from tech titans across the U.S. Microsoft, alongside Google, Cisco, GitHub, LinkedIn, VMWare and the Internet Association, filed an amicus brief Monday to join the lawsuit, which alleges that NSO Group exploited a vulnerability in WhatsApp last year to spy on thousands of users, such as journalists, dissidents and human rights activists. More filings from other companies and organizations are expected in the coming days. Access Now, Amnesty International, the Committee to Protect Journalists, Internet Freedom Foundation, Paradigm Initiative, Privacy International, Reporters Without Borders and Red en Defensa de los Derechos Digitales (R3D), are expected to file another amicus brief in support of WhatsApp on Wednesday, CyberScoop has learned. The suit, which Facebook’s WhatsApp filed last year, is currently under appeal in U.S. Court of Appeals for the Ninth Circuit. The Israeli firm’s lawyers have argued […]

The post Tech titans throw weight behind WhatsApp allegations in NSO surveillance lawsuit appeared first on CyberScoop.

Continue reading Tech titans throw weight behind WhatsApp allegations in NSO surveillance lawsuit

NSO ‘Pegasus’ Hacking Tool Targets Journalists Again

The NSO Group sells hacking paraphernalia to oppressive regimes. Its Pegasus tool set has been caught hacking journalists.
The post NSO ‘Pegasus’ Hacking Tool Targets Journalists Again appeared first on Security Boulevard.
Continue reading NSO ‘Pegasus’ Hacking Tool Targets Journalists Again