Security News
U.S. President Joe Biden on Monday signed an executive order that restricts the use of commercial spyware by federal government agencies. The order said the spyware ecosystem "Poses significant counterintelligence or security risks to the United States Government or significant risks of improper use by a foreign government or foreign person."
US president Joe Biden on Monday issued an Executive Order on Prohibition on Use by the United States Government of Commercial Spyware that Poses Risks to National Security - a title that is not quite as simple it seems. The Order and explanatory statement point out that commercial spyware has been used by authoritarian regimes to target activists and journalists, has been deployed without proper authority in democracies, and poses a security risk to the US and other nations.
The New York Times is reporting that a US citizen's phone was hacked by the Predator spyware. A U.S. and Greek national who worked on Meta's security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.
Apple has just released updates for all supported Macs, and for any mobile devices running the very latest versions of their respective operating systems. Apparently, tvOS recently received a product-specific functionality fix that already used up the version number 16.3.1 for Apple TVs. As we've seen before, mobile devices still using iOS 15 and iOS 12 get nothing, but whether that's because they're immune to this bug or simply that Apple hasn't got round to patching them yet.
The New York attorney general's office has announced a $410,000 fine for a stalkerware developer who used 16 companies to promote surveillance tools illegally. Patrick Hinchy, the spyware vendor, also agreed to alert his customers' victims that their phones are being secretly monitored using one of his multiple apps, including Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint, or TurboSpy.
The State Cyber Protection Centre of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. All the analyzed VBScript droppers and PowerShell scripts, per SCPC, are variants of GammaLoad and GammaSteel malware, respectively, effectively permitting the adversary to exfiltrate sensitive information.
The US Supreme Court has quashed spyware maker NSO Group's argument that it cannot be held legally responsible for using WhatsApp technology to deploy its Pegasus snoop-ware on users' phones. Previously, the US Solicitor General filed an amicus brief [PDF] advising the Supreme Court not to hear the spyware developer's case, noting "NSO plainly is not entitled to immunity here."
Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022. "This has helped other actors [in] developing and distributing the spyware, often also targeting banking institutions."
The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia, Israel, the U.S. and India, that targeted individuals in about 200 countries. A second set of 250 accounts on Facebook and Instagram linked to another Israeli company called QuaDream was found "Engaged in a similar testing activity between their own fake accounts, targeting Android and iOS devices in what we assess to be an attempt to test capabilities to exfiltrate various types of data including messages, images, video and audio files, and geolocation."
We've written, admittedly with a mixture of fascination and delight, about their work on many occasions before, including wacky tricks such as GAIROSCOPE, LANTENNA and the FANSMITTER. This time, the researchers have given their new trick the unfortunate and perhaps needlessly confusing name COVID-bit, where COV is explicitly listed as standing for "Covert", and we're left to guess that ID-bit stands for something like "Information disclosure, bit-by-bit". How can you use the radio noise of an SMPS switching millions of times a second to convey anything other than noise?