Security News

Israeli-based NSO Group is being blasted in a groundbreaking report that alleges that the company's controversial Pegasus malware is being used to target activists, journalists, business executives and politicians on a widespread level, using a variety of exploits - including a zero-click zero-day in iOS. A consortium of journalists leveled the allegations in a report called Pegasus Project, which was published Sunday. It examined leaked data from the NSO Group, which revealed a cache of more than 50,000 mobile phone numbers worldwide that the firm was storing, according to the report published by the Guardian newspaper.

Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple's latest iOS release, hacked using zero-day zero-click iMessage exploits. Citizen Lab was able to independently observe NSO Pegasus spyware deployed on an iPhone 12 Pro Max running iOS 14.6, hacked via a zero-day zero-click iMessage exploit, which does not require interaction from the target.

The spyware vendor was also formally identified as the commercial surveillance company that Google's Threat Analysis Group revealed as exploiting multiple zero-day vulnerabilities in Chrome browser to target victims located in Armenia, according to a report published by the University of Toronto's Citizen Lab. "Candiru's apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab researchers said.

Amnesty International and French journalism advocacy organisation Forbidden Stories say they've acquired a leaked list of individuals targeted by users of Israeli spyware-for-law-enforcement operator NSO Group, and that Heads of State, academics, diplomats, human rights advocates, and media figures are among those targeted. Perhaps the most explosive claim is that NSO products were used to target family members of Saudi journalist Jamal Khashoggi in the days before he was murdered in Istanbul.

An Israeli firm accused of supplying spyware to governments has been linked to a list of 50,000 smartphone numbers, including those of activists, journalists, business executives and politicians around the world, according to reports Sunday. The Post said 15,000 of the numbers on the list were in Mexico and included those of politicians, union representatives, journalists and government critics.

A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The spyware exploits two elevation-of-privilege security vulnerabilities in Windows, CVE-2021-31979 and CVE-2021-33771, both of which were addressed in Microsoft's July Patch Tuesday update this week.

Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru. On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum.

Microsoft and Citizen Lab have linked Israeli spyware company Candiru to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities. The investigation into Candiru's attacks started after Citizen Labs shared malware samples found on a victim's systems and led to the discovery of CVE-2021-31979 and CVE-2021-33771, two zero-day vulnerabilities fixed by Microsoft during this month's Patch Tuesday.

Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat group it tracks as Ferocious Kitten, a group that has singled out Persian-speaking individuals allegedly based in the country while successfully operating under the radar.

In an open letter this month, the Chaos Computer Club - along with Google, Facebook, and others - said they are against proposals to dramatically expand the use of so-called state trojans, aka government-made spyware, in Germany. Once you have root access on a person's computer or handheld, the the device can be an open book, encryption or not.