Security News

Former ADT employee Telesforo Aviles took note when there were attractive women at a home he serviced in the Dallas area. Aviles admitted to regularly adding his own email address to customers' ADT Pulse accounts so he could watch customers in real time without them knowing.

Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.

A webshell called BumbleBee has taken flight in an ongoing xHunt espionage campaign that has targeted Microsoft Exchange servers at Kuwaiti organizations. "We found BumbleBee hosted on an internal Internet Information Services web server on the same network as the compromised Exchange server, as well as on two internal IIS web servers at two other Kuwaiti organizations," researchers explained in a Monday blog.

A landmark High Court ruling has struck down Britain's ability to hack millions of people at a time through so-called "General warrants" in what privacy campaigners are hailing as a major victory. Speaking on Friday afternoon when the judicial review judgment was handed down, Caroline Wilson Palow, PI's legal director, said in a statement: "General warrants are no more permissible today than they were in the 18th century. The government had been getting away with using them for too long. We welcome the High Court's affirmation of these fundamental constitutional principles."

Striving to further diversify its ranks, the CIA launched a new website Monday to find top-tier candidates who will bring a broader range of life experiences to the nation's premier intelligence agency. The revamped website has links for browsing CIA jobs complete with starting salaries and requirements, sections on working at the agency, and a streamlined application process.

Accused hacker and WikiLeaks founder Julian Assange should not be extradited to the US to stand trial, Westminster Magistrates' Court has ruled. District Judge Vanessa Baraitser told Assange this morning that there was no legal obstacle to his being sent to the US, where he faces multiple criminal charges under America's Espionage Act and Computer Fraud and Abuse Act over his WikiLeaks website.

All of the operators used the NSO Group's infamous Pegasus spyware as their final payload. Pegasus is a mobile phone-surveillance solution that enables customers to remotely exploit and monitor devices. The latest version of the Pegasus implant has a number of capabilities, according to Citizen Lab, including: Recording audio from the microphone including both ambient "Hot mic" recording and audio of encrypted phone calls; taking pictures; tracking device location; and accessing passwords and stored credentials.

The ongoing, growing campaign is "Effectively an attack on the United States and its government and other critical institutions," Microsoft warned. There are six known federal entities that have been impacted by the attack: The Pentagon, the Department of Energy, the Department of Homeland Security, the National Institute of Health, the Department of Treasury and the Department of Commerce.

Police forces were found by IPCO to be treating applications to use spying powers as a tickbox exercise, perhaps unsurprisingly given that these are self-authorisations rubberstamped by police managers themselves. "To provide oversight that satisfies this judgment, IPCO reviewed the use of bulk data at GCHQ and has now incorporated the sharing of bulk data with foreign partners into its regular oversight and inspection arrangements," said IPCO in a statement.

"We identified a server used to deliver a malicious.lnk file and host multiple credential-phishing pages," wrote researchers, in a Wednesday posting. On the email front, researchers found that many malicious initial files are being used in the campaign, including a.lnk file that in turn downloads an.