Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks

Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillanc...

Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware

The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around...

Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand — The Hacker News

Thai activists involved in the country's pro-democracy protests have had their smartphones infected with NSO Group's infamous Pegasus government-sponsored spyware. At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been targeted between October...

Meta Expands Facebook Protect Program to Activists, Journalists, Government Officials

Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. "These...

Exposed: 6 year old Iranian espionage campaign using Android backdoor

By Sudais Asif Dubbed Rampant Kitten; the campaign has been going on for the last 6 years in which, among other tools and platforms, Iranian hackers have been utilizing Android backdoor apps. State-sponsored attackers happen to be one of the most dangerous threats out there due to the vast amount...

TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage

Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems ICS with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety...

Yahoo Tells SEC It Knew About Data Breach in 2014

Yahoo fessed up in its latest SEC filing that it knew in 2014 that attackers were on its network and stole information from 500 million accounts. The breach was disclosed in September and Yahoo blamed state-sponsored attackers, a claim that was challenged by some experts who instead said a crimin...

Twitter Upgrades Account Security Features

Twitter has made a couple of changes to the service’s login process to help prevent account takeovers and enable users to reset their passwords in a simpler way. A Twitter account is among the more valuable assets for an attacker who is targeting a specific person. Accounts typically are tied to ...

Politics, Uncertainty Slowing Down U.S. Response to Cyber Threats

WASHINGTON–The shift in the last few years to cyberespionage and online attacks against the nation’s critical infrastructure have left the United States government lagging behind, and “a day late and a dollar short”, the former director of the National Security Agency said. The ongoing campaigns...

Verizon DBIR 2013: Months Pass Before Attacks Detected

It’s a familiar refrain: Attackers often have months of unfettered access to corporate networks; and security and network managers remain in the dark until they’re notified of serious breaches by third parties. Enterprises, regardless of industry, dread that fateful knock on the door by the FBI,...

LeBron James, Advanced Attackers and the Best Man Theory

There is a line of thinking that pervades and pollutes the discussions of many sporting events, and it goes something like this: “You can’t let LeBron James/Derek Jeter/Lionel Messi beat you. You have to force someone else to beat you.” It’s a flawed strategy for a number of reasons, but it’s eve...

Microsoft Issues FixIt For XML Flaw

With attackers already exploiting the MSXML zero-day vulnerability, which affects a wide range of products, Microsoft has issued a FixIt tool for the bug that it is encouraging users to install as they prepare a full patch for the flaw. The vulnerability is a critical one, and, because it’s prese...