In what the White House says is a precedent-setting move, President Biden has signed an executive order prohibiting use by the U.S. Government of “commercial spyware,” powerful cyber technology used by state actors to spy on journalists, dissidents and human rights activists. The White House defined the class of apps as “sophisticated and invasive cyber surveillance tools sold by vendors to access electronic devices remotely, extract their content, and manipulate their components, all without the knowledge or consent of the devices’ users,” explaining such technology “has proliferated in recent years with few controls and high risk of abuse.” Continue reading Biden Restricts the Government Use of Commercial Spyware

Apple is previewing a new security capability for its upcoming iOS 16 release that is designed to help high-value targets fend off state-sponsored cyberattacks. Politicians, journalists, industrial leaders can all benefit from Lockdown Mode, says Apple, which also shared details of a $10 million research grant to help civil society organizations battle mercenary spyware threats. Emphasizing Lockdown Mode is “an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security,” Apple says it will debut this fall, including for the iPadOS 16 and macOS Ventura. Continue reading Apple’s Lockdown Mode Combats State-Sponsored Spyware

Google has removed dozens of apps from the Google Play Store after finding they were harvesting data from millions of Android phones. The spyware creator, Panama’s  Measurement Systems S. de R.L., has been linked with a Virginia defense contractor that has done work for U.S. national-security agencies in the areas of cyberintelligence, network defense and intelligence intercepts. Researchers found the errant code embedded in apps for Muslim prayers, speed-trap detection, QR-code reading and other popular consumer programs that have been downloaded more than 10 million times. Continue reading Researchers Discover Malware on Apps in Google Play Store

Human rights are center stage in a Congressional request to the U.S. Treasury Department for sanctions against Israeli spyware firm NSO Group and three additional foreign surveillance companies that allegedly aided authoritarian governments in committing criminal moral abuses. In a letter signed by Senate Finance Committee chairman Ron Wyden (D-Oregon), House Intelligence Committee chairman Adam Schiff (D-California) and 16 other Democratic lawmakers, Treasury was also asked to slap down UAE cybersecurity firm DarkMatter, European bulk surveillance mills Nexa Technologies and Trovicor, and top executives at those firms. Continue reading Lawmakers Urge Treasury Sanctions Against Spyware Firms

In the security world, “bug bounty” programs are becoming more common, from Facebook to the Department of Defense. Hackers who can reveal the hidden vulnerabilities of a device, system or corporation can reap significant financial rewards. Apple launched its program in 2016 and offers payouts of up to $1 million for the most elusive flaws. The tech giant reportedly spent $3.7 million on such exercises in the 12-month period ending in July 2021, during which time Google shelled out $6.7 million and Microsoft spent $13.6 million. Such programs have become a valuable tool in security maintenance, putting hackers’ inquisitive natures to productive use.  Continue reading Tech Firms Raid Security Flaws with ‘Bug Bounty’ Programs

Google is introducing new security solutions for Google Cloud, in addition to expanding availability of its Risk Protection Program. Google Cloud vice president and general manager Sunil Potti explained that the updates are part of a larger vision of “invisible security” within the cloud where silos will “eventually” disappear after all security tech is engineered into it. He added that, “rather than essentially build products that fix problems with other products … you have to hit the reset button and embrace something fundamental.” Continue reading Google Develops New Security Solutions to Strengthen Cloud

A consortium of media outlets dubbed the Pegasus Project found that Israeli surveillance firm NSO Group licensed its military-grade spyware Pegasus to governments that used it to hack 37 smartphones of business executives, human rights activists and journalists. Two women close to murdered Saudi journalist Jamal Khasghoggi were also reportedly targeted. Amnesty International and journalism non-profit Forbidden Stories shared a list of 50,000 phone numbers that dates to 2016 and included the 37 targets. New evidence also suggests that thousands of iPhones worldwide may have been compromised.  Continue reading Media Consortium Reveals Extent of Pegasus Spyware Reach

K7 Labs malware researcher Dinesh Devadoss discovered a new form of malware aimed at Mac computers. ThiefQuest (originally dubbed EvilQuest, until researchers discovered that’s the name of a Steam game) isn’t simply ransomware but also contains spyware that allows it to exfiltrate an infected computer’s files, search it for passwords and cryptocurrency wallet data, and nab passwords and credit card numbers. Even after a computer reboots, the spyware lingers as a backdoor that could be used for a second-stage attack. Continue reading ThiefQuest Is New Ransomware and Spyware Aimed at Macs

Threat intelligence firm Mimecast revealed that hackers are exploiting a Microsoft Excel feature called Power Query to facilitate Office 365 attacks. This feature lets legitimate users combine data from various sources by linking to those components in a spreadsheet. Hackers replace a link with another that leads to a site infected with malware. The hacked Excel spreadsheets then allow attackers to install backdoors, using the software program’s own tools. Meanwhile, Apple has yet to fix a macOS bug first identified by a cybersecurity researcher in February. Continue reading Researchers Identify Bugs in Microsoft Excel, Apple macOS

Facebook, Intel and Microsoft announced bugs in their software this week. Facebook patched WhatsApp to prevent hackers from using it to install spyware on mobile phones. Intel described its efforts to fix a problem with its chipsets that allow attackers to access private data. Now Microsoft warned that it just patched a bug similar to the WannaCry ransomware crypto-worm that attacked computers around the globe in 2017. The company said that, to its knowledge, no one yet had exploited the Windows vulnerability. Continue reading Microsoft Warns Windows Bug May Be Abused by Hackers

Hackers have reportedly been injecting Israeli spyware onto smartphones via the popular Facebook-owned messaging service WhatsApp. The surveillance software, named Pegasus, was developed by Israeli firm NSO Group and can access an iPhone with a single missed voice call on WhatsApp. NSO claims that it carefully vets its customers; the company’s software is intended for government agencies to combat crime and terrorism. While it is currently unknown how many users may have been affected at this point (the problem was first discovered in early May), WhatsApp says it has created a patch to address the vulnerability. Continue reading WhatsApp Calls Used to Inject Spyware on Mobile Phones

An investigation reveals that Facebook has been secretly paying users ages 13 to 35 since 2016 to install an iOS or Android “Facebook Research” app that gives the company access to all of their smartphone and Internet activity. The Research app is similar to Facebook’s Onavo Protect app that Apple banned in June and may also be a violation of Apple policy. Legislators on both sides of the aisle were infuriated at the news, decrying the surveillance technology. Facebook’s earlier Onavo app was also criticized as spyware.

Continue reading Facebook Solicited Teens to Download Its Surveillance Tool

Huawei’s new P20 Pro, which features an AI-powered Leica triple camera system, has been ranked as one of 2018’s best Android phones. The new smartphone is also stylish, with the option of a Twilight glossy blue/purple finish. The 6.1-inch OLED screen offers an aspect ratio of 18.7:9 (it’s a little more than twice as tall as it is wide) and 2240×1080 resolution. But nobody in the U.S. will be able to buy the P20 Pro anytime soon, since AT&T pulled out of the partnership due to FCC concerns over potential spyware. Continue reading Huawei P20 Pro: Triple Camera System Gets Strong Reviews

The NSO Group, an Israeli firm that sells software for invisibly tracking mobile phones, is believed to be responsible for leveraging three security vulnerabilities in Apple devices to spy on journalists and dissidents. The software can reportedly be used to access passwords, emails, text messages, calls, contacts and more. Apple fixed the security flaws 10 days after two researchers provided the tip. The company urges all users to download the latest version of iOS. “Apple on Thursday released a patched version of its mobile software, iOS 9.3.5,” reports The New York Times. “Users can get the patch through a normal software update.” Continue reading Security Alert: Apple Urges iPhone Users to Update Their iOS

Movie studios that use Facebook to promote upcoming films — such as “Batman v Superman: Dawn of Justice,” which has 4.4 million likes on its Facebook movie page — have discovered a potent downside to the extra publicity. Pirates post links to copyright-infringing streams; spam includes chain letters, pornography, phishing, malware and hate speech. Illegal sites are harvesting personal data and running money scams and now targeting publications with embedded Facebook comments, including BuzzFeed, ESPN and Huffington Post. Continue reading Pre-Release Piracy Grows Across Facebook and Publications