• chevron_right

      WhatsApp finally forces Pegasus spyware maker to share its secret code

      news.movim.eu / ArsTechnica · Friday, 1 March - 20:27

    WhatsApp finally forces Pegasus spyware maker to share its secret code

    Enlarge (credit: NurPhoto / Contributor | NurPhoto )

    WhatsApp will soon be granted access to explore the "full functionality" of the NSO Group's Pegasus spyware—sophisticated malware the Israeli Ministry of Defense has long guarded as a "highly sought" state secret, The Guardian reported .

    Since 2019, WhatsApp has pushed for access to the NSO's spyware code after alleging that Pegasus was used to spy on 1,400 WhatsApp users over a two-week period, gaining unauthorized access to their sensitive data, including encrypted messages. WhatsApp suing the NSO, Ars noted at the time, was "an unprecedented legal action" that took "aim at the unregulated industry that sells sophisticated malware services to governments around the world."

    Initially, the NSO sought to block all discovery in the lawsuit, "due to various US and Israeli restrictions," but that blanket request was denied. Then, last week, the NSO lost another fight to keep WhatsApp away from its secret code.

    Read 12 remaining paragraphs | Comments

    • chevron_right

      Apple patches “clickless” 0-day image processing vulnerability in iOS, macOS

      news.movim.eu / ArsTechnica · Thursday, 7 September, 2023 - 22:47

    Apple patches “clickless” 0-day image processing vulnerability in iOS, macOS

    Enlarge (credit: Apple)

    Apple has released security updates for iOS, iPadOS, macOS, and watchOS today to fix actively exploited zero-day security flaws that can be used to install malware via a "maliciously crafted image" or attachment. The iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2 updates patch the flaws across all of Apple's platforms. As of this writing, no updates have been released for older versions like iOS 15 or macOS 12.

    The CVE-2023-41064 and CVE-2023-41061 flaws were reported by the Citizen Lab at the Munk School of Global Affairs & Public Policy at the University of Toronto. Also dubbed "BLASTPASS," Citizen Lab says that the bugs are serious because they can be exploited just by loading an image or attachment, which happens regularly in Safari, Messages, WhatsApp, and other first- and third-party apps. These bugs are also called "zero-click" or "clickless" vulnerabilities.

    Citizen Lab also said that the BLASTPASS bug was "being used to deliver NSO Group’s Pegasus mercenary spyware ," the latest in a long line of similar exploits that have been used to infect fully patched iOS and Android devices.

    Read 3 remaining paragraphs | Comments

    • chevron_right

      Cyberweapon manufacturers plot to stay on the right side of US

      news.movim.eu / ArsTechnica · Wednesday, 31 May, 2023 - 13:04

    Montage of Paragon and NSO Group logos

    Enlarge (credit: FT montage/Shutterstock/Dreamstime)

    In the summer of 2019, as Paragon Solutions was building one of the world’s most potent cyberweapons, the company made a prescient decision: before courting a single customer, best get the Americans on side.

    The Israeli start-up had watched local rival NSO Group, makers of the controversial Pegasus spyware, fall foul of the Biden administration and be blacklisted in the US. So Paragon sought guidance from top American advisers, secured funding from US venture capital groups, and eventually scored a marquee client that eludes its competition: the US government.

    Interviews with half a dozen industry figures about the divergent paths of the two companies underline how the shadowy spyware industry is being reshaped around those friendly to American interests.

    Read 26 remaining paragraphs | Comments

    • chevron_right

      Biden’s executive order limits government’s use of commercial spyware

      news.movim.eu / ArsTechnica · Monday, 27 March, 2023 - 21:31

    Biden’s executive order limits government’s use of commercial spyware

    Enlarge (credit: Getty Images)

    President Joe Biden on Monday signed an executive order barring many uses by the federal government of commercial spyware, which has been increasingly used by other countries in recent years to surveil dissidents, journalists, and politicians.

    The signing of the executive order came as administration officials told journalists that roughly 50 US government personnel in at least 10 countries had been infected or targeted by such spyware, a larger number than previously known. The officials didn’t elaborate.

    Commercial spyware is sold by a host of companies, with the best known being NSO Group of Israel. The company sells a hacking tool known as Pegasus that can surreptitiously compromise both iPhones and Android devices using “clickless” exploits, meaning they require no user interaction. By sending a text or ringing the device, Pegasus can install spying software that steals contacts, messages, geo locations, and more, even when the text or call isn’t answered. Other companies selling commercial spyware include Cytrox, Candiru, and Paragon.

    Read 5 remaining paragraphs | Comments

    • chevron_right

      Ce groupe de cyberespionnage mondial veut devenir le nouveau NSO (Pegasus)

      news.movim.eu / Numerama · Friday, 2 September, 2022 - 06:11

    Des documents ont fuité sur un forum de hacker présentant une offre d'infiltration de smartphone par l'entreprise Intellexa. Ce groupe de cyberespionnage composé de plusieurs entités, dont une Française, ambitionne de devenir le nouveau leader sur le marché. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      Apple imagine un mode de « protection extrême » pour résister aux attaques les plus sophistiquées

      news.movim.eu / Numerama · Thursday, 7 July, 2022 - 10:22

    Apple tente une autre tactique contre les attaques informatiques de très haut niveau : l'entreprise lance un mode de sécurité « extrême », censé offrir un niveau de sécurité supérieur. Mais cela n'est possible qu'en renonçant à certaines fonctionnalités de l'iPhone. Cependant, ce mode ne s'adresse pas à 99,9 % des individus. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/