Security News

Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware
2021-07-19 09:01

The spyware vendor was also formally identified as the commercial surveillance company that Google's Threat Analysis Group revealed as exploiting multiple zero-day vulnerabilities in Chrome browser to target victims located in Armenia, according to a report published by the University of Toronto's Citizen Lab. "Candiru's apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab researchers said.

Amnesty International and French media protection org claim massive misuse of NSO spyware
2021-07-19 03:15

Amnesty International and French journalism advocacy organisation Forbidden Stories say they've acquired a leaked list of individuals targeted by users of Israeli spyware-for-law-enforcement operator NSO Group, and that Heads of State, academics, diplomats, human rights advocates, and media figures are among those targeted. Perhaps the most explosive claim is that NSO products were used to target family members of Saudi journalist Jamal Khashoggi in the days before he was murdered in Istanbul.

50,000 Phone Numbers Worldwide on List Linked to Israeli Spyware: Reports
2021-07-19 00:56

An Israeli firm accused of supplying spyware to governments has been linked to a list of 50,000 smartphone numbers, including those of activists, journalists, business executives and politicians around the world, according to reports Sunday. The Post said 15,000 of the numbers on the list were in Mexico and included those of politicians, union representatives, journalists and government critics.

Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware
2021-07-16 15:55

A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The spyware exploits two elevation-of-privilege security vulnerabilities in Windows, CVE-2021-31979 and CVE-2021-33771, both of which were addressed in Microsoft's July Patch Tuesday update this week.

Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments
2021-07-16 00:57

Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru. On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum.

Microsoft: Israeli firm used Windows zero-days to deploy spyware
2021-07-15 16:38

Microsoft and Citizen Lab have linked Israeli spyware company Candiru to new Windows spyware dubbed DevilsTongue deployed using now-patched Windows zero-day vulnerabilities. The investigation into Candiru's attacks started after Citizen Lab shared malware samples found on a victim's systems and led to the discovery of CVE-2021-31979 and CVE-2021-33771, two zero-day vulnerabilities fixed by Microsoft during this month's Patch Tuesday.

A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran
2021-06-17 03:25

Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat group it tracks as Ferocious Kitten, a group that has singled out Persian-speaking individuals allegedly based in the country while successfully operating under the radar.

Google, Facebook, Chaos Computer Club join forces to oppose German state spyware
2021-06-07 22:49

In an open letter this month, the Chaos Computer Club - along with Google, Facebook, and others - said they are against proposals to dramatically expand the use of so-called state trojans, aka government-made spyware, in Germany. Once you have root access on a person's computer or handheld, the device can be an open book, encryption or not.

Password-stealing spyware targets Android users in the UK
2021-04-27 15:12

A new malicious piece of spyware is targeting Android users in the U.K. in an attempt to snag their passwords and other private information. Affecting Android phones and devices across the U.K., FluBot is triggered after a user receives a text message asking them to install a tracking app in response to a "Missed delivery package." Clicking on the link in the text directs the victim to a scam website that launches the spyware.

Flubot Spyware Spreading Through Android Devices
2021-04-26 20:28

Android mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called "Flubot," according to the U.K.'s National Cyber Security Centre. The malware is delivered to targets through SMS texts and prompts them to install a "Missed package delivery" app.