Security News

The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, calling out the technology's "Unprecedented level of intrusiveness" that could endanger users' right to privacy. "Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy," the European Data Protection Supervisor said in its preliminary remarks.

ForcedEntry - the exploit of a zero-click iMessage zero day that circumvented Apple's then-brand-new BlastDoor security feature starting a year ago - was picked apart not just by NSO Group with its Pegasus spyware but also by a newly uncovered, smaller smartphone-hacking toolmaker named QuaDream. Two sources also said that QuaDream and NSO Group came up with the iPhone exploit techniques on their own, separately - as opposed to collaborating.

A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The zero-click exploit in question is FORCEDENTRY, a flaw in iMessage that could be leveraged to circumvent iOS security protections and install spyware that allowed attackers to scoop up a wealth of information such as contacts, emails, files, messages, and photos, as well as access to the phone's camera and microphone.

The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland's diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials. Last summer, the Guardian newspaper published a report from journalists who reviewed data leaked from NSO Group that found 50,000 phone numbers they believe were being monitored for their clients, dating back to 2016, including Amnesty International employees, human rights lawyers and more.

Finland's Ministry for Foreign Affairs says devices of Finnish diplomats have been hacked and infected with NSO Group's Pegasus spyware in a cyber-espionage campaign. "Finnish diplomats have been targets of cyber espionage by means of the Pegasus spyware, developed by NSO Group Technologies, which has received wide publicity," the Ministry said in a statement published today.

Attackers are targeting industrial enterprises with spyware campaigns that hunt for corporate credentials so they can be used both for financial gain and to cannibalize compromised networks to propagate future attacks, researchers have found. Researchers dubbed the attacks "Anomalous" because they veer from typical spyware attacks, Kaspersky's Kirill Kruglov wrote in a report published this week on the SecureList blog.

Researchers have uncovered several spyware campaigns that target industrial enterprises, aiming to steal email account credentials and conduct financial fraud or resell them to other actors. Kaspersky calls these spyware attacks 'anomalous' because of their very short-lived nature compared to what is considered typical in the field.

The US National Counterintelligence and Security Center and the Department of State have jointly published guidance on defending against attacks using commercial surveillance tools. Tips shared in the joint advisory are designed to help people at risk of being targeted by surveillance campaigns block attempts to track their location, record their conversations, and harvest their personal information and online activity using mercenary spyware deployed on their mobile devices.

Kaspersky researchers said in a Thursday report that from Jan. 20 to Nov. 10, the actors behind the vast campaign were targeting government organizations and industrial control systems across a range of industries, including engineering, building automation, energy, manufacturing, construction, utilities and water management. The operators behind PseudoManuscrypt are using fake pirated software installer archives to initially download the spyware onto targets' systems.

Eighteen US Democratic lawmakers have asked the Treasury Department and State Department to punish Israel-based spyware maker NSO Group and three other surveillance software firms for enabling human rights abuses. In a letter [PDF] signed by US Senator Ron Wyden, House Intelligence Committee Chairman Adam Schiff, and 16 others, the legislators urge Secretary of the Treasury Janet Yellen and Secretary of State Antony Blinken to apply sanctions to the NSO Group, UAE-based DarkMatter Group, and EU-based Nexa Technologies and Trovicor, under the Global Magnitsky Act.