Cybersecurity News


The Pegasus project: why investigations like this are at the heart of the Guardian’s mission

The Pegasus project: why investigations like this are at the heart of the Guardian’s mission

Guardian editor-in-chief Katharine Viner reflects on our recent investigation into NSO Group, which sells hacking spyware used by governments around the world, and explains why journalism like this is so vital


When the Guardian’s head of investigations, Paul Lewis, first told me about a huge data leak suggesting authoritarian regimes were possibly using smartphone hacking software to target activists, politicians and journalists, perhaps the worst part is that I wasn’t particularly surprised.

Related: What is Pegasus spyware and how does it hack phones?

Related: Huge data leak shatters lie that the innocent need not fear surveillance

Related: The Pegasus project part 1: an invitation to Paris

Support the Guardian’s independent investigative journalism with a single or recurring contribution today.

Related: How you helped the Guardian report on the year that changed everything | Katharine Viner

Continue reading...
23 July 2021

How NSO became the company whose software can spy on the world

How NSO became the company whose software can spy on the world

The Pegasus project has raised new concerns about the Israeli firm, which is a world leader in the niche surveillance market

In 2019, when NSO Group was facing intense scrutiny, new investors in the Israeli surveillance company were on a PR offensive to reassure human rights groups.

In an exchange of public letters in 2019, they told Amnesty International and other activists that they would do “whatever is necessary” to ensure NSO’s weapons-grade software would only be used to fight crime and terrorism.

What is in the data leak?

The Pegasus project is a collaborative journalistic investigation into the NSO Group and its clients. The company sells surveillance technology to governments worldwide. Its flagship product is Pegasus, spying software – or spyware – that targets iPhones and Android devices. Once a phone is infected, a Pegasus operator can secretly extract chats, photos, emails and location data, or activate microphones and cameras without a user knowing.

Show your support for the Guardian’s fearless investigative journalism today so we can keep chasing the truth

Continue reading...
23 July 2021

Protecting the hybrid workplace through Zero Trust security

The Zero Trust architecture offers an increasingly popular way to minimize cyber-risk in a world of hybrid cloud, flexible working and persistent threat actors.

The post Protecting the hybrid workplace through Zero Trust security appeared first on WeLiveSecurity

23 July 2021

FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics

FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn.
22 July 2021

Phish Swims Past Email Security With Milanote Pages

Phish Swims Past Email Security With Milanote Pages The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease.
22 July 2021

Critical Jira Flaw in Atlassian Could Lead to RCE

Critical Jira Flaw in Atlassian Could Lead to RCE The software-engineering platform is urging users to patch the critical flaw ASAP.
22 July 2021

Industrial Networks Exposed Through Cloud-Based Operational Tech

Industrial Networks Exposed Through Cloud-Based Operational Tech Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.
22 July 2021

7 Hot Cyber Threat Trends to Expect at Black Hat

7 Hot Cyber Threat Trends to Expect at Black Hat A sneak peek of some of the main themes at Black Hat USA next month.
22 July 2021

Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.
22 July 2021

Popular Wi‑Fi routers still using default passwords making them susceptible to attacks

To mitigate the chances of their Wi-Fi home routers being compromised, users would do well to change the manufacturer’s default access credentials

The post Popular Wi‑Fi routers still using default passwords making them susceptible to attacks appeared first on WeLiveSecurity

22 July 2021

Paving the way: Inspiring Women in Payments - A podcast featuring Marie Babineau

 

There was once a time when Marie Babineau felt she had to pretend to be one of the boys in order to be taken seriously. Determined to prove herself to her male colleagues, Marie learned how to crimp an RG-45 wire, program a router in command line, and become a fierce Unix system admin, among many other highly technical skills. The more she learned, the more confidence she gained. In this edition of our podcast, Marie explores the theme of building confidence and how we can start at an early age by not perpetuating a frequently held stereotype: that girls are not good at math.

22 July 2021

Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug

Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems.
22 July 2021

Serial Swatter Who Caused Death Gets Five Years in Prison

A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that lead to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.
21 July 2021

Cybercriminals may target 2020 Tokyo Olympics, FBI warns

Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money

The post Cybercriminals may target 2020 Tokyo Olympics, FBI warns appeared first on WeLiveSecurity

21 July 2021

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems.
21 July 2021

Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say

Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change.
21 July 2021

Request for Comments: PCI Card Production and Provisioning v3 Draft Standard


From 21 July to 20 August, PCI SSC stakeholders can participate in a Request for Comments (RFC) on PCI Card Production and Provisioning v3 Draft Standard. 

21 July 2021

Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows

Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows Misconfigured permissions for Argo's web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.
21 July 2021

French Launch NSO Probe After Macron Believed Spyware Target

French Launch NSO Probe After Macron Believed Spyware Target Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware.
21 July 2021

Tracking Malware and Ransomware Domains in 2021

Tracking Malware and Ransomware Domains in 2021 Ransomware is the threat of 2021. It’s impacting everything from large enterprises, hospitals, to other aspects of our critical infrastructure. Here, we’ll take a look at actual malware domain traffic and how it correlates to ransomware attacks in the news.
21 July 2021