Security News

A new national cyber strategy will be launched by year-end, the National Cyber Security Centre's chief exec has promised - while calling out spyware vendor NSO Group as a "Red flag" for the UK infosec community. Lindy Cameron told the Chatham House international affairs think tank that NSO Group was "Something we raised a red flag about before, that the commercial market for sophisticated cyber exploitation products is an issue."

Cherie Blair tipped off a Jordanian princess that the royal's estranged husband, the Sheikh of Dubai, had deployed NSO Group's Pegasus malware against her and her lawyers, a series of explosive High Court judgments [PDFs] have revealed. Sheikh Mohammed bin Rashid al Maktoum, the absolute ruler of Dubai, was found to have ordered the deployment of one of the world's most potent malware strains against Princess Haya bint Hussein, his former wife and a member of the Jordanian royal family, during a bitter court battle over custody of their children.

A previously undisclosed "Zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad, three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq," researchers from University of Toronto's Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain.

A previously undisclosed "Zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad, three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq," researchers from University of Toronto's Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain.

The United Nations has called for a moratorium on the sale of "Life threatening" surveillance technology and singled out the NSO Group and Israel for criticism. The UN announcement then zeroes in on NSO Group, calling on it to "Disclose whether or not it ever conducted any meaningful human rights due diligence in line with the UN Guiding Principles on Business and Human Rights and publish fully the findings of any internal probes it may have undertaken on this issue".

Authorities from multiple agencies of the Israeli government paid a visit the offices of the NSO Group as part of a new investigation into claims that the secretive firm is selling its spyware to threat actors for targeted attacks, according to the Israeli Ministry of Defense. Specifically, Israeli agents visited NSO Group's offices in Herzliya, near the city of Tel Aviv, according to a post by analyst firm Recorded Future's The Record.

Israel's Ministry of Defense says the nation's government has visited spyware-for-governments developer NSO Group to investigate allegations its wares have been widely - and perhaps willingly - misused. The allegations were raised by Amnesty International and a consortium of newspapers that gained access to a 50,000-entry list of mobile phone numbers claimed to have been touched by NSO's Pegasus product - spyware that makes a smartphone an open book.

The NSO Group, a purveyor of spyware it hopes governments and law enforcement bodies will use to fight terrorism, has announced it will not answer any further questions about allegations raised by Amnesty International and Forbidden Stories that its products have been widely misused. In light of the recent planned and well-orchestrated media campaign lead by Forbidden Stories and pushed by special interest groups, and due to the complete disregard of the facts, NSO is announcing it will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.

News of a zero-click zero-day in Apple's iMessage feature being incorporated into the notorious Pegasus mobile spyware from NSO Group has drawn a variety of reactions from the security community, including concerns about the security of Apple's closed ecosystem, and varying views on NSO Group's culpability for how Pegasus is used. He added, "Apple aims their statements about security and privacy at consumers. However, the majority of the individuals targeted by the NSO group are not categorized as typical consumers and Apple needs to recognize that securing these individuals may require help from third parties."

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware - used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others - was hacked. Most interesting is a list of over 50,000 phone numbers that were being spied on by NSO Group's software.