Found 29 bookmarks
Custom sorting
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful Behind closed doors, senior officials from Modi's administration demanded that Apple soften the political impact of the state-sponsored warnings, according to Washington Post.
#techcrunch#EN#2023#state-sponsored#attacks#Pegasus#Apple#India#Amnesty#spyware#iPhone
·techcrunch.com·
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Spyware Targeting Against Serbian Civil Society - The Citizen Lab
Spyware Targeting Against Serbian Civil Society - The Citizen Lab
We confirm that two members of Serbian civil society were targeted with spyware earlier this year. Both have publicly criticized the Serbian government. We are not naming the individuals at this time by their request. The Citizen Lab’s technical analysis of forensic artifacts was conducted in support of an investigation led by Access Now in collaboration with the SHARE Foundation. Researchers from Amnesty International independently analyzed the cases and their conclusions match our findings.
#CitizenLab#EN#2023#Serbia#Pegasus#spyware#homekit#iOS
·citizenlab.ca·
Spyware Targeting Against Serbian Civil Society - The Citizen Lab
PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions
PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions
Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox's Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox's Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.
#CitizenLab#EN#2023#spyware#Egypt#Predator#CVE-2023-41991#CVE-2023-41992#CVE-2023-41993
·citizenlab.ca·
PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions
0-days exploited by commercial surveillance vendor in Egypt
0-days exploited by commercial surveillance vendor in Egypt
Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commercial surveillance vendor, Intellexa, this exploit chain is used to install its Predator spyware surreptitiously onto a device. In response, yesterday, Apple patched the bugs in iOS 16.7 and iOS 17.0.1 as CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. This quick patching from Apple helps to better protect users and we encourage all iOS users to install them as soon as possible.
#Google#EN#2023#TAG#Apple#Android#CitizenLab#Predator#spyware#Intellexa#CVE-2023-41993#CVE-2023-41991#CVE-2023-41992#Exploit#Chain#0-days
·blog.google·
0-days exploited by commercial surveillance vendor in Egypt
A Matter of Triangulation.
A Matter of Triangulation.
Hi all, Today we have very big and important news. Kaspersky experts have discovered an extremely complex, professionally targeted cyberattack that uses Apple’s mobile devices. The purpose of this attack is the inconspicuous introduction of spyware into the iPhones of employees of the company – both top and middle-management. The attack is carried out using
#kaspersky#EN#2023#iOS#0-Click#Triangulation#iphone#spyware#Apple
·eugene.kaspersky.com·
A Matter of Triangulation.
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
We would like to thank The Citizen Lab for their cooperation, support and inputs into this research. * Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox). * Our research specifically looks at two components of this mobile spyware suite known as “ALIEN” and “PREDATOR,” which compose the backbone of the spyware implant. Our findings include an in-depth walkthrough of the infection chain, including the implants’ various information-stealing capabilities. * A deep dive into both spyware components indicates that ALIEN is more than just a loader for PREDATOR and actively sets up the low-level capabilities needed for PREDATOR to spy on its victims. * We assess with high confidence that the spyware has two additional components — tcore (main component) and kmem (privilege escalation mechanic) — but we were unable to obtain and analyze these modules. * If readers suspect their system(s) may have been compromised by commercial spyware, please consider notifying Talos’ research team at talos-mercenary-spyware-help@external.cisco.com to assist in furthering the community’s knowledge of these threats.
#talosintelligence#EN#2023#PREDATOR#spyware#Intellexa#ALIEN#analysis#Android
·blog.talosintelligence.com·
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
Spyware is sold to countries including Egypt, Indonesia, Oman, Saudi Arabia, and Serbia. Smartphone malware sold to governments around the world can surreptitiously record voice calls and nearby audio, collect data from apps such as Signal and WhatsApp, and hide apps or prevent them from running upon device reboots, researchers from Cisco’s Talos security team have found.
#arstechnica#EN#2023#Smartphone#PREDATOR#0-days#spyware#Android
·arstechnica.com·
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.
#microsoft#EN#2023#QuaDream#spyware#spy#IoCs#DEV-0196#iOS#calendar#zero-click#REIGN
·microsoft.com·
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab
Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab
At least five civil society victims of QuaDream’s spyware and exploits were identified in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. Traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.
#CitizenLab#EN#2023#QuaDreams#Spyware#spyware#spy#iPhone#calendar#zero-click
·citizenlab.ca·
Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab
Spyware vendors use 0-days and n-days against popular platforms
Spyware vendors use 0-days and n-days against popular platforms
Google’s Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has been tracking the activities of commercial spyware vendors to protect users. Today, we actively track more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government backed actors. These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house. While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments to target dissidents, journalists, human rights workers and opposition party politicians.
#GoogleTAG#EN#2023#0-days#Spyware#Italy#Malaysia#Kazakhstan#CVE-2022-42856#Webkit#Samsung#CVE-2022-4262#CVE-2023-0266
·blog.google·
Spyware vendors use 0-days and n-days against popular platforms
Meta Manager Was Hacked With Spyware and Wiretapped in Greece
Meta Manager Was Hacked With Spyware and Wiretapped in Greece
A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.
#nytimes#EN#2023#spy#cyberespionage#U.S#Meta#Spyware#Predator
·nytimes.com·
Meta Manager Was Hacked With Spyware and Wiretapped in Greece
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia - Microsoft Security Blog
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia - Microsoft Security Blog
Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.
#microsoft#EN#2023#QuaDream#spyware#spy#IoCs#DEV-0196#iOS#calendar#zero-click#REIGN
·microsoft.com·
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia - Microsoft Security Blog
Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab
Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab
At least five civil society victims of QuaDream’s spyware and exploits were identified in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. Traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.
#CitizenLab#EN#2023#QuaDreams#Spyware#spyware#spy#iPhone#calendar#zero-click
·citizenlab.ca·
Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab
Spyware vendors use 0-days and n-days against popular platforms
Spyware vendors use 0-days and n-days against popular platforms
Google’s Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has been tracking the activities of commercial spyware vendors to protect users. Today, we actively track more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government backed actors. These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house. While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments to target dissidents, journalists, human rights workers and opposition party politicians.
#GoogleTAG#EN#2023#0-days#Spyware#Italy#Malaysia#Kazakhstan#CVE-2022-42856#Webkit#Samsung#CVE-2022-4262#CVE-2023-0266
·blog.google·
Spyware vendors use 0-days and n-days against popular platforms
Meta Manager Was Hacked With Spyware and Wiretapped in Greece
Meta Manager Was Hacked With Spyware and Wiretapped in Greece
A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.
#nytimes#EN#2023#spy#cyberespionage#U.S#Meta#Spyware#Predator
·nytimes.com·
Meta Manager Was Hacked With Spyware and Wiretapped in Greece