82 matches found
I’m Spending the Year at the Munk School
This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. It's not a real sabbatical--I'm just an adjunct--but it's the same idea. I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University of Toronto. I will be organizing a...
Citizen Lab Reports Hidden VPN Networks Sharing Ownership and Security Flaws
Citizen Lab's new report, Hidden Links, uncovers a network of VPN providers like Turbo VPN and VPN Monster...
Russian-Linked Hackers Target Eastern European NGOs and Media
Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian...
Popular Keyboard Apps Leak User Data: Billion Potentially Exposed
By Waqas. Popular keyboard apps leak user data! Citizen Lab reports 8 out of 9 Android IMEs expose keystrokes. Change yours & protect passwords! This is a post from HackRead.com.
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Viv...
Emergency update! Apple patches three zero-days
Apple has released security updates for several products to address a handful of zero-day vulnerabilities that may already have been used by criminals. Updates are available for: iOS 16.7 and iPadOS 16.7; iOS 17.0.1 and iPadOS 17.0.1; watchOS 9.6.3; watchOS 10.0.1; macOS Ventura 13.6; macOS Monterey...
Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows -...
About the security content of Safari 16.6.1
About the security content of Safari 16.6.1 This document describes the security content of Safari 16.6.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware
The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around...
Adobe, Apple, Google & Microsoft Patch 0-Day Bugs
Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do. On...
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that...
Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that...
About the security content of macOS Ventura 13.5.2
This document describes the security content of macOS Ventura 13.5.2. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
About the security content of watchOS 9.6.2
This document describes the security content of watchOS 9.6.2. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
About the security content of iOS 16.6.1 and iPadOS 16.6.1
This document describes the security content of iOS 16.6.1 and iPadOS 16.6.1. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
New Zero-Click Exploits against iOS
Citizen Lab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Group's Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched. One interesting bit is that Apple's Lockdown Mode, part of iOS 16...
NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders
Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-cli...
Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose
Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft. The development was reported by the Israeli business newspaper Calcalist, citing unnamed sources, adding the company...
About the security content of iOS 16.3.1 and iPadOS 16.3.1
This document describes the security content of iOS 16.3.1 and iPadOS 16.3.1. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
Security Vulnerabilities in Covert CIA Websites
Back in 2018, we learned that a covert system of websites that the CIA used for communications was compromised by--at least--China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We're now learning that the CIA is still "using an irresponsibly secured system...