Pegasus | Breaking Cybersecurity News | The Hacker News

A U.S. judge has ordered NSO Group to hand over its source code for  Pegasus  and other remote access trojans to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which  filed the lawsuit  in October 2019 for using its infrastructure to  distribute the spyware  to approximately 1,400 mobile devices between April and May. This also  included  two dozen Indian activists and journalists. These attacks leveraged a then zero-day flaw in the instant messaging app ( CVE-2019-3568 , CVSS score: 9.8), a critical  buffer overflow bug  in the voice call functionality, to deliver Pegasus by merely placing a call, even in scenarios where the calls were left unanswered. In addition, the attack chain included steps to erase the incoming call information from the logs in an attempt to sidestep detection. Court documents released late last month show that NSO Group has been asked to "produce

The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members. "The  misuse of commercial spyware  threatens privacy and freedoms of expression, peaceful assembly, and association," Secretary of State Antony Blinken  said . "Such targeting has been linked to arbitrary detentions, forced disappearances, and extrajudicial killings in the most egregious of cases." The latest measures, underscoring continued efforts on part of the U.S. government to curtail the proliferation of surveillance tools, are designed to "promote accountability" for individuals involved in commercial spyware misuse. The new policy covers people who have used such tools to "unlawfully surveil, harass, suppress, or intimidate individuals," as well as those who stand to financially benefit from the misuse. It also includes the companie

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Cybersecurity researchers have identified a "lightweight method" called  iShutdown  for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's  Pegasus , QuaDream's  Reign , and Intellexa's  Predator .  Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file named "Shutdown.log," a text-based system log file available on all iOS devices and which records every reboot event alongside its environment characteristics. "Compared to more time-consuming acquisition methods like forensic device imaging or a full iOS backup, retrieving the Shutdown.log file is rather straightforward," security researcher Maher Yamout  said . "The log file is stored in a sysdiagnose (sysdiag) archive." The Russian cybersecurity firm said it identified entries in the log file that recorded instances where "sticky" processes, such as

The  Operation Triangulation  spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which  discovered  the  campaign  at the beginning of 2023 after becoming one of the targets,  described  it as the "most sophisticated attack chain" it has ever observed to date. The campaign is believed to have been active since 2019. Operation Triangulation gets its name from the use of a fingerprinting technique called canvas fingerprinting to draw a yellow triangle on a pink background with Web Graphics Library ( WebGL ) in the device's memory. The exploitation activity involved the use of four zero-day flaws that were fashioned into a chain to obtain an unprecedented level of access and backdoor target devices running iOS versions up to iOS 16.2 with the ultimate goal of gathering sensitive information. The starti

A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor Ventura  said  in a report shared with The Hacker News. "However, by April 2022, that capability was being offered to their customers." Predator is the product of a consortium called the Intellexa Alliance, which includes Cytrox (subsequently acquired by WiSpear), Nexa Technologies, and Senpai Technologies. Both Cytrox and Intellexa were  added  to the Entity List by the U.S. in July 2023 for "trafficking in cyber exploits used to gain access to information systems." The latest findings come more than six months after the cybersecurity vendor detai

The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from  Access Now  and the  Citizen Lab  has revealed. The infiltration is said to have happened on or around February 10, 2023. Timchenko is the executive editor and owner of  Meduza , an independent news publication based in Latvia. It's currently not clear who deployed the malware on the device. The Washington Post  reported  that the Russian government is not a client of NSO Group, citing an unnamed person familiar with the company's operations. "During the infection her device was localized to the GMT+1 timezone, and she reports being in Berlin, Germany," the Citizen Lab said. "The day following the infection she was scheduled to attend a private meeting with other heads of Russian independent media exiled in Europe to discuss how to manage threats and censorship by P

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061  - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064  - A buffer overflow issue in the  Image I/O component  that could result in arbitrary code execution when processing a maliciously crafted image. While CVE-2023-41064 was found by the Citizen Lab at the University of Torontoʼs Munk School, CVE-2023-41061 was discovered internally by Apple, with "assistance" from the Citizen Lab. The updates are available for the following devices and operating systems - iOS 16.6.1 and iPadOS 16.6.1  - iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generati

Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was  first documented  by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android. The spyware, which is delivered by means of another loader component known as Alien, is equipped to record audio from phone calls and VoIP-based apps as well as gather contacts and messages, including from Signal, WhatsApp, and Telegram. Its other functionalities allow it to hide applications and prevent applications from being executed upon rebooting the handset. "A deep dive into both spyware components indicates that Alien is more than just a loader for Predator and actively sets up the low-level capabilities needed for Predator to spy on its victims," Cisco Talos  said  in a technical report. Spyware like Pre

Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the interdisciplinary laboratory based at the University of Toronto  said . NSO Group is the manufacturer of  Pegasus , a sophisticated cyber weapon that's capable of extracting sensitive information stored in a device – e.g., messages, locations, photos, and call logs, among others — in real-time. It's typically delivered to targeted iPhones using zero-click and/or zero-day exploits. While it has been pitched as a tool for law enforcement agencies to combat serious crimes such as child sexual abuse and terrorism, it has also been deployed illegally by authoritarian governments to spy on human rig

Thai activists involved in the country's pro-democracy protests have had their smartphones infected with NSO Group's infamous Pegasus government-sponsored spyware. At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been targeted between October 2020 and November 2021, many of whom have been previously detained, arrested and imprisoned for their political activities or criticism of the government. "The timing of the infections is highly relevant to specific political events in Thailand, as well as specific actions by the Thai justice system," the Citizen Lab  said  in a Sunday report. "In many cases, for example, infections occurred slightly before protests and other political activities by the victims." The findings are the result of  threat notifications  sent by Apple last November to alert users it believes have been targeted by state-sponsored attackers. The attacks entailed the use of two zero-cl

The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a  report  from Politico. Acknowledging that it had "made mistakes," the company also stressed on the need for an international standard to regulate the government use of spyware. The disclosure comes as a special inquiry committee was  launched in April 2022  to investigate alleged breaches of E.U. law following revelations that the company's Pegasus spyware is being used to snoop on phones belonging to politicians, diplomats, and civil society members. "The committee is going to look into existing national laws regulating surveillance, and whether Pegasus spyware was us

A previously unknown zero-click exploit in Apple's iMessage was used to install mercenary spyware from  NSO Group  and  Candiru  against at least 65 individuals as part of a "multi-year clandestine operation." "Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations," the University of Toronto's Citizen Lab  said  in a new report. "Family members were also infected in some cases." Of the 65 individuals, 63 were targeted with Pegasus and four others were infected with Candiru, with iPhones belonging to at least two compromised with both. The incidents are said to have mostly occurred between 2017 and 2020. The attacks involved the weaponization of an iOS exploit dubbed HOMAGE that made it possible to penetrate the devices running versions prior to iOS 13.2, which was released on October 28, 2019. It's worth noting that the latest version of iOS is iOS 15.4.1.

Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a  new report  from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agency said, citing documents and two unnamed E.U. officials. However, it's not clear who used the commercial spyware against them or what information was obtained following the attacks. NSO Group said in a statement shared with Reuters that it was not responsible for the hacking attempts, adding that the targeting "could not have happened with NSO's tools." The intrusions are said to have come to light after Apple notified the victims of state-sponsored attacks last November as part of its efforts to stop the Israeli surveillance firm from targeting its customers. That same month, the iPhone maker  filed a lawsuit  against NSO Group, seeking a court-issued injunction

The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, stating that the technology's "unprecedented level of intrusiveness" could endanger users' right to privacy. "Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy," the European Data Protection Supervisor (EDPS)  said  in its preliminary remarks. "This fact makes its use incompatible with our democratic values." Pegasus  is a piece of highly advanced military-grade intrusion software developed by Israeli company NSO Group that's capable of breaking into smartphones running Android and iOS, turning the devices into a remote monitoring tool capable of extracting sensitive information, recording conversations, and tracking users' movements.

Israel's Ministry of Defense has dramatically restricted the number of countries to which cybersecurity firms operating in the nation are allowed to sell offensive hacking and surveillance tools to, cutting off 65 nations from the export list. The revised list, details of which were first reported by the Israeli business newspaper  Calcalist , now only includes 37 countries, down from the previous 102: Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Iceland, India, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, New Zealand, Norway, Portugal, Romania, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, the Netherlands, the U.K., and the U.S. Notably missing from the list are countries such as Morocco, Bahrain, Saudi Arabia, and the U.A.E, which have been previously identified as customers of Israeli spyware vendor NSO Group. In curtailing the exports, the mov