Security News

A set of seemingly innocuous Android apps have been infecting Israeli users with spyware since 2018, and the campaign continues to this day. The spyware-laden apps were discovered by researchers at Qihoo 360 who found various apps disguised as social applications, Threema, Al-Aqsa Radio, Al-Aqsa Mosque, Jerusalem Guide, PDF viewer, Wire, and other applications.

Citizen Lab is reporting that a New York Times journalist was hacked with the NSO Group’s spyware Pegasus, probably by the Saudis. The world needs to do something about these cyberweapons arms...

More than six years after proposing export restrictions on "Intrusion software," the US Commerce Department's Bureau of Industry and Security has formulated a rule that it believes balances the latitude required to investigate cyber threats with the need to limit dangerous code. The BIS on Wednesday announced an interim final rule that defines when an export license will be required to distribute what is basically commercial spyware, in order to align US policy with the 1996 Wassenaar Arrangement, an international arms control regime.

A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group's first foray into digital surveillance in Africa. Amnesty International tied the covert attack campaign to a collective tracked as "Donot Team", which has been linked to cyber offensives in India and Pakistan, while also identifying apparent evidence linking the group's infrastructure to an Indian company called Innefu Labs.

A report by Amnesty International links an Indian cybersecurity company to an Android spyware program used to target prominent activists. The investigation comes from Amnesty International's team, who confirmed a case of espionage against a Togolese activist and also observed signs of spyware deployment across several key Asian regions.

A malware peddler has created a fake website posing as Amnesty International to serve gullible marks with software that claims to protect users against NSO Group's Pegasus malware. Trading on fears about the Pegasus malware, this development takes the usual evolution of malware download lures and picks a particularly nasty vector, preying on those looking for protection against advanced threats.

Kaspersky has presented the findings of an eight-month probe into the FinFisher spyware toolset - including the discovery of a UEFI "Bootkit" infection method and "Advanced anti-analysis methods" such as "Four-layer obfuscation." The toolkit receives frequent updates to evade detection and add new functionality, with Kaspersky having previously investigated a 2019 update which boosted its spying capabilities to include chat, physical movement, microphone, and camera access, alongside locally stored data capture and exfiltration.

Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. Based on the info shared by Apple in today's security advisories [1, 2] at least one of the bugs was likely used to deploy NSO Pegasus spyware on hacked devices.

Nowadays, how does one separate employees' smartphones from the corporate network when they are used for multi-factor authentication and reading work emails? The internal to external network boundaries have become blurry. There are a range of security policies for dealing with users' smartphones, from the most restrictive approach - no smartphone access allowed - to an open approach that allows personal phones to connect to the internal corporate network.

Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac. Apple has pushed out an update for most of its major products to protect them from a strain of spyware that has already targeted a number of people.