Targeted spyware and why it’s a concern to us

Experts are again warning about the proliferating market for targeted spyware and espionage. Before we dive into the world of targeted spyware, it's worth looking at a few of the main players that are active in and against this industry. Paragon Solutions is an Israeli company which sells high-en...

Two Apple issues added by CISA to its catalog of known exploited vulnerabilities

The Cybersecurity & Infrastructure Security Agency CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to remediate this vulnerability by October 2, 20...

Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware

The Google Threat Analysis Group TAG has revealed that of the nine zero-day vulnerabilities affecting Chrome, Android, Apple and Microsoft that it reported in 2021, five were in use by a single commercial surveillance company. Did I hear someone say Pegasus? An educated guess, but wrong in this...

Security Analysis Clears TikTok of Censorship, Privacy Accusations

Nebulous privacy and censorship criticisms about video social-media app TikTok have been swirling for months. Security analysts from CitizenLab are the first to collect real data on the platform’s source code, and reported that TikTok meets reasonable standards of security and privacy. The...

Helping survivors of domestic abuse: What to do when you find stalkerware

We’re going to talk about something different today. We’re going to talk about domestic abuse. Earlier this year, cybersecurity company Kaspersky Lab announced that the latest upgrade to its Android app would inform users about whether their devices were running stealthy, behind-the-scenes...

Videos and Links from the Public-Interest Technology Track at the RSA Conference

Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. Video here. I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you missed it live, we have videos: How Public Interest Technologist...

iOS Trident vulnerability patch analysis, the use of the code published（POC）-bug warning-the black bar safety net

Description 2 0 1 6 years 8 months 2 5,, for the recent emergence of iOS monitoring tool PEGASUS,Apple released important security update:iOS 9.3.5。 And before found the iOS malware is different, this kit uses three different iOS 0 day vulnerability that lets all hit a patchiOS 9.3.5 the...