Collaborate Disseminate
Obtaining vulnerabilities for fully up-to-date mobile phones is getting harder. So companies that sell exploits to governments are increasingly looking for attacks that target internet routers instead, with one company paying up to $100,000. Continue reading As Phones Get Harder to Hack, Zero Day Vendors Hunt for Router Exploits
Very few people have heard of them, but “dev-fused” iPhones sold on the grey market are one of the most important tools for the best iOS hackers in the world. Continue reading The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code
Companies that buy and sell exploits, or zero-days, are now willing to offer seven figures for hacks that allow spies and cops to steal WhatsApp, iMessage and other chat app messages. Continue reading You Can Now Get $1 Million for Hacking WhatsApp and iMessage
A source managed to see Israeli surveillance vendor NSO Group’s powerful iPhone malware up close. Despite a wave of highly controversial customers, the company appears to be popular worldwide. Continue reading They Got ‘Everything’: Inside a Demo of NSO Group’s Powerful iPhone Malware
Dubai-based Crowdfense, which buys zero day exploits for iOS and a variety of other platforms, is trying to streamline the process of sourcing vulnerabilities. Continue reading Zero-Day Shop Opens the Floodgates for People to Sell Exploits to Governments
An Amnesty International employee and Saudi Arabian activist were targeted with what appears to be commercial spyware only sold to governments. In a lengthy blog post released Wednesday, London-based Amnesty International revealed that a suspicious message with a malicious link was sent to an employee. Citizen Lab, a Canadian research organization, helped analyze the incident and posted its own set of findings, which corroborated Amnesty’s report. Both suggest that the malicious messages bore the marks of Pegasus, a highly sophisticated commercial spyware and exploitation tool sold by NSO Group, a secretive Israeli surveillance company that only sells its highly proprietary wares to authorized governments. In June, an Amnesty employee received a WhatsApp message in Arabic with Saudi Arabia-related content and a malicious link. Earlier this summer, a Saudi human rights activist living abroad also received SMS messages with a similar link. Neither were opened. Had the recipients clicked the links, researchers believe that they […]
The post Report: Powerful spyware used to target Amnesty International employee and Saudi activist appeared first on Cyberscoop.
Even though the Shadow Brokers told customers to use privacy-focused cryptocurrency Zcash, researchers may have found clues pointing to who tried to buy more of the group’s wares. Continue reading Cryptocurrency Transactions May Uncover Sales of Shadow Broker Hacking Tools
Moscow-based Gleg provides zero-day exploits for medical software, and those in the medical industry are concerned about disclosure. But the exploits themselves may not be all that important in real world attacks. Continue reading This Russian Company Sells Zero-Day Exploits for Hospital Software
Zero-days in PDF readers, updates to Debain Stretch, killer robots are coming, and more. Jason Wood of Paladin Security discusses sexually charged sonar-based attacks on this episode of Hack Naked News! News Raspberry Pi OS refresh: Raspbian’s update to Debian Stretch is out now | ZDNet – includes new versions of pre-installed Raspbian applications, Bluetooth improvements, […]
The post August 22, 2017 – Hack Naked News #137 appeared first on Security Weekly.
Black Hat may be the benchmark signaling the end of security nihilism and snark, and a re-prioritization of energy toward the greater good. Continue reading Will The Real Security Community Please Stand Up