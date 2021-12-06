ContributorsPublishersAdvertisers
Public Safety

Nine State Department Phones Hijacked by Spyware

By Phil Muncaster
infosecurity-magazine.com
 3 days ago

Cover picture for the articleNine US State Department officials had their iPhones remotely hacked by spyware from controversial firm NSO Group, according to reports. Four people familiar with the matter told Reuters that the Israel developer’s Pegasus malware was used to snoop on the US government victims over the past few months. Although the identity...

www.infosecurity-magazine.com

Comments / 0

Related
SFGate

AP Source: NSO Group spyware used to hack State employees

WASHINGTON (AP) — The phones of 11 U.S. State Department employees were hacked with spyware from Israel's NSO Group, the world's most infamous hacker-for-hire company, a person familiar with the matter said Friday. The employees were all located in Uganda and included some foreign service officers, said the person, who...
PUBLIC SAFETY
TechSpot

Pegasus spyware found on nine US diplomatic phones

What just happened? This week Reuters reported that hackers used the controversial Pegasus spyware from the NSO group to breach nine US State Department employees' iPhones. It isn't known yet who is responsible, but this represents the most critical known cyberattack involving US officials and Pegasus. Reuters' sources indicated that...
PUBLIC SAFETY
The Independent

US embassy officials in Uganda had their phones hacked with Israeli spyware, reports say

US diplomatic staff in Uganda had their iPhones hacked using controversial spyware sold by the Israeli cyber-weapons company NSO Group, according to reports.Citing anonymous sources, Reuters reported on Thursday that at least nine workers based in the US Embassy in Uganda or specialising in the country were targeted using NSO’s Pegasus software by parties unknown.Another report by the New York Times put the number of officials at 11, saying embassy staff had received a warning from Apple that "state-sponsored attackers are trying to remotely compromise the iPhone associated with your Apple ID".Pegasus is a military-grade surveillance suite that can...
PUBLIC SAFETY
IN THIS ARTICLE
#Us State Department#Spyware#Nso Group#Reuters#African#Forcedentry#Treasury#American
Apple Insider

Apple will alert users exposed to state-sponsored spyware attacks

As part of Apple's initiative to battle state-sponsored spyware, or more specifically the surveillance and monitoring of Apple device owners, the company is introducing a system that will alert users when they are believed to be targets of such attacks. On Tuesday, Apple announced that it filed suit against NSO...
TECHNOLOGY
financialbuzz.com

Apple Files Lawsuit against NSO Group for Abuse of State-Sponsored Spyware

Apple, Inc. (NASDAQ: AAPL) has filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The lawsuit provides information on how NSO Group infected victim’s devices with its Pegasus spyware. Apple seeks a permanent ban on NSO Group from utilizing any Apple software, services and devices. NSO Group creates state sponsored surveillance technology that allows for highly targeted spyware to surveil its victims. These are focused on small amounts of users as they impact across multiple platforms which include Android and iOS. Researchers and journalists have documented a history of this spyware targeting government officials, academic, dissidents, activists and journalists. “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”
BUSINESS
notebookcheck.net

Google Pixel phones suffer privacy woes as phones sent for warranty repairs are getting hijacked

Some Google Pixel users are reporting that someone is hijacking their phones that they mailed to Google for repairs. The latest complaint comes from Jane McGonigal, an NYT bestselling author and game designer. According to Jane’s tweet, someone used her Google Pixel 5a, which the author mailed in for repair, to access her Google Drive, Gmail, DropBox, and backup email for the Photos app. Upon seeing her activity log, she also discovered that the hijacker had accessed her private photos and had deleted the security notifications from the backup account.
CELL PHONES
BGR.com

Dangerous Android scam drains your bank account with one phone call

Android device owners now have another scam to watch out for as a dangerous malware campaign spreads to new regions. Cybersecurity experts from Cleafy say that they have seen a spike in Android remote access trojan (RAT) infections over the past year. According to Cleafy, BRATA – a malware first discovered in Brazil – has made its way to Italy. Hackers are using the trojan to steal banking details from Android users and then drain their bank accounts.
CELL PHONES
YOU MAY ALSO LIKE
Country
Uganda
NewsBreak
Apple
NewsBreak
Public Safety
Business Insider

Elon Musk thinks you should die

Billionaire Tesla CEO Elon Musk believes death is critical to human progress. Death is "important," he said this week, because people rarely change their minds — "they just die." "If you live forever, we might become a very ossified society where new ideas cannot succeed," he said. When billionaire Elon...
ECONOMY
infosecurity-magazine.com

Twitter and Meta Tackle Anti-Vaxxers and Chinese Disinformation

Social media giants Twitter and Meta have been forced to remove thousands of “inauthentic” accounts linked to state-backed disinformation campaigns and anti-vaxxer rhetoric. China loomed large over much of the activity. Twitter revealed that it removed over 3400 accounts – around 2000 of which were being used to amplify Communist...
INTERNET
infosecurity-magazine.com

Misconfigured Database Leaks Info on 150K E-commerce Buyers

Security researchers have found a misconfigured cloud-hosted database leaking over 300,000 records, including sensitive personal information on e-commerce buyers. A team at Safety Detectives found the leaky Elasticsearch database on July 25 this year but claimed the content had been exposed without any password protection or encryption since November 2020.
TECHNOLOGY
infosecurity-magazine.com

UK Government Fined Over Honors List Data Breach

The UK’s data watchdog has slapped the British government with a hefty fine for exposing the addresses of individuals chosen to receive honors. The Information Commissioner’s Office (ICO) said that the safety of hundreds of 2020 New Year Honors recipients had been placed in jeopardy after their personal data was published online.
U.K.
infosecurity-magazine.com

Omicron Phishing Campaign Hits User Inboxes

Online fraudsters have reacted quickly to news of a potentially new severe COVID-19 variant, with a carefully crafted phishing email campaign, according to observers. Consumer rights group Which? spotted the email, which is designed to appear as if sent from the NHS, and urges recipients to get a new PCR test for the Omicron variant.
PUBLIC SAFETY
infosecurity-magazine.com

Ex Ubiquiti Developer Arrested for Data Theft

A man from Oregon has been charged with stealing confidential data from his employer and secretly extorting the company for a $2m ransom while purporting to be working on remediating the theft. Portland resident Nickolas Sharp allegedly stole gigabytes of data from Ubiquiti Inc., a technology company headquartered in New...
PUBLIC SAFETY
infosecurity-magazine.com

Cyber Vulnerabilities and Safety Risks Across the UK's Digital Railway

A report by The European Union Agency for Cybersecurity (ENISA) has outlined the growing threat of cyber-attacks to rail networks across the UK and Europe. As attackers have become more sophisticated in their approach, new and complex threats have emerged, ranging from malware to insider attacks and Dedicated Denial of Service (DDoS) attacks.
PUBLIC SAFETY
infosecurity-magazine.com

BitMart Confirms $150M Crypto Theft

Crypto-currency worth at least $150m has been stolen from crypto-currency exchange BitMart. Blockchain security company Peckshield shared news of the theft on Saturday night on social media, claiming that digital currency worth $196m was stolen in the incident. Peckshield alleged that a hacker pumped crypto-currency worth $96m out of the...
MARKETS
infosecurity-magazine.com

Top 3 Mistakes Companies Make With Security and Compliance

As the workplace continues to blend between physical and remote environments, protecting company data has become a top priority. We’ve all seen the fallout of poor security policies – phishing scams, data breaches and exposing confidential information just to name a few. So it’s not uncommon for companies to reactively set up compliance programs; being non-compliant can be twice as costly as being compliant due to fines, business disruption, reputation damage and other factors. But compliance can be complex and confusing, especially when set up hastily or with minimal knowledge of the process. There’s an abundance of frameworks to understand with different requirements on timeline, policies and controls. Because compliance is traditionally known as a cumbersome process plagued by a sea of paperwork, it’s no surprise that companies will do whatever they can to avoid it until a customer asks for an attestation report. Yet, without the proper foundation, cobbling a compliance program together can do just as much damage as not having a compliance program in place at all.
BUSINESS
infosecurity-magazine.com

Cuba Ransomware Nets Nearly $50m

The threat actors behind the Cuba ransomware variant have already amassed $44m through targeting of at least 49 victims, according to the FBI. The bureau’s latest 'flash' alert revealed that the group had demanded at least $74m from its victims. These victims frequently come from critical infrastructure sectors like financial, government, healthcare, manufacturing, and IT.
PUBLIC SAFETY
infosecurity-magazine.com

Cyber-attack Closes UK Convenience Stores

The retailer SPAR has been forced to close some of its convenience stores in the UK after a cyber-attack on its IT systems. The digital assault occurred on Sunday and is being investigated by Lancashire Police. SPAR has around 2600 stores located across the UK. Because of the incident, 330...
PERSONAL FINANCE

Comments / 0

Community Policy