Domande e risposte: John Scott-Railton di Citizen Lab sulla lotta alla continua minaccia di #Pegasus
Da quando abbiamo scritto un anno fa, Pegasus è stato rilevato sui cellulari di giornalisti nella Repubblica Dominicana, India, Giordania, Armenia e Togo. È stato anche messo sul telefono di Galina Timchenko, la fondatrice del giornale russo in esilio Meduza, forse da uno stato membro dell'UE
#EU#Cybersecurity#Spyware#EP: "Spyware has been found on two phones of Members of the European Parliament (MEPs) sitting on the security and defence subcommittee, the institution revealed on Wednesday.
The European Parliament has uncovered intrusive surveillance software, known as spyware, on the phones of two members of the SEDE subcommittee. According to an internal email, the institution has invited all committee members to take their mobile phones to the parliament’s IT services for further analysis.
"In the given geopolitical context and given the nature of the files followed by the Subcommittee on Security and Defence, special attention is dedicated to the devices of the Members of this subcommittee and the staff supporting its work," the European Parliament said in a statement."
Sooo now that members of the European Parliament (#security and #defence committee) found themselves to be targeted with #spyware, will we finally see stricter regulation of these dangerous pieces of software?
🛑 #Meta Platforms took action against 8 #spyware firms targeting users on iOS, #Android, and Windows devices. Their capabilities include data collection, camera use, and microphone access.
Ben non attends j'utilise la version fork gallerie simple; dont tout le monde s'est rabattu après le rachat de simple mobile. Là il s'agit d'un fork, y a pas de liaisons avec l'entreprise vérolé qui l'a racheté. Ce message de simple mobile tools n'a donc rien à foutre ici.
Večer ni cajtng, ampak vohunski sistem.
Tast prinese računalnik, ker mu osmrtnice ne delajo.
Malo klikam sem in tja in ugotovim, da njihova spletna stran dela samo, če izklopim ščit za trackerje v Brave browserju.
Kljub naročnini.
Slabo, #vecer.
@po3mah
Saj piškotki (kolk lep nedolžen opis) so izključno "vohunski programi", jaz jih vedno reject, če ne gre, potem stran zame ni aktualna, jo preskočim. So pa to lahko resnično velike količine povezav s katerimi bi ob prebiranju članka moral deliti mojo zasebnost. #nehvala#spyware
Spannend & fürchterlich aber die Wahrheit in in dieser Doku:
«Im Juli 2021 sorgte die #israel'ische #Spyware Pegasus weltweit für Schlagzeilen. Der Enthüllung waren monatelange Nachforschungen des Recherchenetzwerks "Project Pegasus" vorausgegangen. Der #Doku'mentarfilm befragt die Akteure und prangert autoritäre Entwicklungen in vielen #Staaten sowie Eingriffe in die #Privatsphare der gehackten Personen an.»
#CyberSecurity#Spyware#Malware#Variston: "Google kept digging into Variston’s malware. In March 2023, the tech giant’s researchers found that spyware made by Variston was used in Kazakhstan, Malaysia and the United Arab Emirates. Last week, Google reported that it found Variston hacking tools used against iPhone owners in Indonesia.
In the past year, more than half a dozen Variston employees have left the company, they told TechCrunch on the condition of anonymity, as they were not authorized to speak to the press because of nondisclosure agreements.
Now, according to four former employees and two people with knowledge of the spyware market, Variston is shutting down."
"Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide..."
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #06/2024 is out! It includes the following and much more:
➝ 🔓 #Juniper Support Portal Exposed Customer Device Info
➝ 🔓 🇹🇭 Major #DataBreach in #Thailand Exposes Personal Data of 20 Million Elderly Citizens
➝ 🔓 🇫🇷 Millions at risk of fraud after massive health data hack in #France
➝ 🔓 🇺🇸 #Verizon employee inadvertently leaks data of 63 thousand colleagues
➝ 🔓 🖥️ #AnyDesk Hacked: Revokes Passwords, Certificates in Response
➝ 🔓 🇺🇸 #Clorox says #cyberattack caused $49 million in expenses
➝ 💸 📈 #Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline
➝ 🇺🇸 💰 US offers $10 million for tips on #Hive ransomware leadership
➝ 🇨🇳 🇺🇸 #China-backed Volt Typhoon hackers have lurked inside US #criticalinfrastructure for ‘at least five years’
➝ 🇨🇳 🇳🇱 Chinese Hackers Exploited #FortiGate Flaw to Breach Dutch #Military Network
➝ 🇮🇷 🇮🇱 #Iran accelerates cyber ops against #Israel from chaotic start
➝ 🇧🇾 🇺🇸 Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion #Crypto Money Laundering
➝ 🇭🇰 💸 #Finance worker pays out $25 million after video call with #deepfake ‘chief financial officer’
➝ 🇺🇦 #ukraine is Creating a ‘Cyber Diplomat’ Post
➝ 🇩🇰 #Denmark orders schools to stop sending student data to #Google
➝ 🇪🇺 ⚖️ #EU proposes criminalizing AI-generated child sexual abuse and deepfakes
➝ 🇳🇱 💰 #Uber Fined 10 Million Euros by Dutch Data Regulator
➝ 🇺🇸 🛂 US to Roll Out Visa Restrictions on People Who Misuse #Spyware to Target Journalists, Activists
➝ 🦠 💬 Raspberry Robin #Malware Upgrades with #Discord Spread and New Exploits
➝ 🦠 🍎 New #macOS Backdoor Linked to Prominent Ransomware Groups
🦠 🪥 Surprising 3 Million Hacked #Toothbrushes Story Goes Viral—Is It True?
➝ 🇨🇦 🐬 #Canada declares #FlipperZero public enemy No. 1 in car-theft crackdown
➝ 🩹 #Ivanti: Patch new Connect Secure auth bypass bug immediately
➝ 🐛 📍 Security flaw in a popular smart helmet allowed silent location tracking
➝ 🩹 Critical Patches Released for New Flaws in #Cisco, #Fortinet, #VMware Products
➝ 🐛 🐧 Critical Boot Loader #Vulnerability in Shim Impacts Nearly All #Linux Distros
➝ 🐛 ✈️ #Airbus App Vulnerability Introduced Aircraft Safety Risk
➝ 🩹 #QNAP Patches High-Severity Bugs in QTS, Qsync Central
--
📚 This week's recommended reading is: "x86 Software Reverse-Engineering, Cracking, and Counter-Measure" by Stephanie Domas & Christopher Domas
--
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Can I block the operation of an #Aternity browser extension by using a custom filter on #AdGuard on my router? Or perhaps using a @protonmail VPN config on my router?
I really don’t like my big bad business daddy digging into my personal health #data, communications, etc., & I don’t have admin rights on my PC to disable/remove it.
IT snuck #Aternity in as a browser extension & I don’t have admin rights to remove it. It has rights to see/handle/change all site data. I contacted IT & told them it’s problematic from a #privacy standpoint bc it has access to literally all websites I visit, including Gmail, protonmail, anthem, & MyChart. It even has access to the “anonymous” #Menti survey form sent out by corporate.
#IT told me not to do personal stuff on a work PC if I’m concerned w/ privacy 😒
1/2
Das 40,00€ teurer gewordene Nachfolgeticket zum 9-Euro-Ticket soll Daten melken. Zwar solle das Ticket übergangsweise nicht nur für Smartphones erhältlich sein sondern auch auf Chip-Karten und kurzzeitig auf Papier mit QR-Code, aber wichtig scheint es den Regierenden vor allem anderen, dass mit dem 49€-Ticket Echtzeit-Verkehrsdaten erhoben werden können.
Positiv klingt zunächst: "Es werde nicht gespeichert, wer von A nach B fährt, sondern nur, wie stark die Verkehrsmittel ausgelastet sind. Für die Fahrgäste könnte das ein Nutzen sein, weil die Verkehrsunternehmen so für ausreichend Kapazitäten sorgen könnten."
Allerdings: Das Ticket wird wohl nur als Abo personalisiert erworben werden können, so dass darüber anfallende Personendaten zukünftig schnell integriert werden könnten. Mit Hinblick auf den aktuellen massiven Ausbau des Überwachungsstaats und der Kontrollgesellschaft in Deutschland und der EU (digitale Personenkennziffer/RegMod, Chatkontrolle, Identifizierungspflicht, Biometrie, eIDAS uvm) ist es doch auch gar nicht die Frage ob, sondern nur wann und mit welchem Vorwand (Anschläge, Pandemie, Jugendschutz, Wahlkampf) personalisierte Datenerfassung und Polizeizugriffe kommen werden, sobald die digitale Kontrollinfrastruktur erst einmal errichtet wurde.
"Im Juli 2021 sorgte die israelische #Spyware#Pegasus weltweit für Schlagzeilen. Der Enthüllung waren monatelange Nachforschungen des Recherchenetzwerks "Project Pegasus" vorausgegangen. Der Dokumentarfilm befragt die Akteure und prangert autoritäre Entwicklungen in vielen Staaten sowie Eingriffe in die #Privatsphäre der gehackten Personen an."