Biden Restricts the Government Use of Commercial Spyware

In what the White House says is a precedent-setting move, President Biden has signed an executive order prohibiting use by the U.S. Government of “commercial spyware,” powerful cyber technology used by state actors to spy on journalists, dissidents and human rights activists. The White House defined the class of apps as “sophisticated and invasive cyber surveillance tools sold by vendors to access electronic devices remotely, extract their content, and manipulate their components, all without the knowledge or consent of the devices’ users,” explaining such technology “has proliferated in recent years with few controls and high risk of abuse.”

Apple’s Lockdown Mode Combats State-Sponsored Spyware

Apple is previewing a new security capability for its upcoming iOS 16 release that is designed to help high-value targets fend off state-sponsored cyberattacks. Politicians, journalists and industrial leaders can all benefit from Lockdown Mode, says Apple, which also shared details of a $10 million research grant to help civil society organizations battle mercenary spyware threats. Emphasizing that Lockdown Mode is “an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security,” Apple says it will debut this fall, including for iPadOS 16 and macOS Ventura.

Lawmakers Urge Treasury Sanctions Against Spyware Firms

Human rights are center stage in a Congressional request to the U.S. Treasury Department for sanctions against Israeli spyware firm NSO Group and three additional foreign surveillance companies that allegedly aided authoritarian governments in committing criminal moral abuses. In a letter signed by Senate Finance Committee chairman Ron Wyden (D-Oregon), House Intelligence Committee chairman Adam Schiff (D-California) and 16 other Democratic lawmakers, Treasury was also asked to slap down UAE cybersecurity firm DarkMatter, European bulk surveillance mills Nexa Technologies and Trovicor, and top executives at those firms.

U.S. to Limit Exporting Surveillance Tech to Certain Countries

The U.S. government has announced its plans to work with other nations to put restrictions on the export of surveillance tools to authoritarian countries such as China. The Biden administration says it would gather allies and start an initiative to regulate the export of surveillance tools. The initiative is planned to be discussed during a virtual gathering, the Summit for Democracy, on December 9-10. Representatives from more than 100 democratic nations will be participating. The primary objective of the summit is to crack down on authoritarian governments using cyber tools to violate fundamental human rights.

Tech Firms Raid Security Flaws with ‘Bug Bounty’ Programs

In the security world, “bug bounty” programs are becoming more common, from Facebook to the Department of Defense. Hackers who can reveal the hidden vulnerabilities of a device, system or corporation can reap significant financial rewards. Apple launched its program in 2016 and offers payouts of up to $1 million for the most elusive flaws. The tech giant reportedly spent $3.7 million on such exercises in the 12-month period ending in July 2021, during which time Google shelled out $6.7 million and Microsoft spent $13.6 million. Such programs have become a valuable tool in security maintenance, putting hackers’ inquisitive natures to productive use.

Media Consortium Reveals Extent of Pegasus Spyware Reach

A consortium of media outlets dubbed the Pegasus Project found that Israeli surveillance firm NSO Group licensed its military-grade spyware Pegasus to governments that used it to hack 37 smartphones of business executives, human rights activists and journalists. Two women close to murdered Saudi journalist Jamal Khashoggi were also reportedly targeted. Amnesty International and journalism non-profit Forbidden Stories shared a list of 50,000 phone numbers that dates to 2016 and included the 37 targets. New evidence also suggests that thousands of iPhones worldwide may have been compromised.

WhatsApp Calls Used to Inject Spyware on Mobile Phones

Hackers have reportedly been injecting Israeli spyware onto smartphones via the popular Facebook-owned messaging service WhatsApp. The surveillance software, named Pegasus, was developed by Israeli firm NSO Group and can access an iPhone with a single missed voice call on WhatsApp. NSO claims that it carefully vets its customers; the company’s software is intended for government agencies to combat crime and terrorism. While it is currently unknown how many users may have been affected at this point (the problem was first discovered in early May), WhatsApp says it has created a patch to address the vulnerability.

Security Alert: Apple Urges iPhone Users to Update Their iOS

The NSO Group, an Israeli firm that sells software for invisibly tracking mobile phones, is believed to be responsible for leveraging three security vulnerabilities in Apple devices to spy on journalists and dissidents. The software can reportedly be used to access passwords, emails, text messages, calls, contacts and more. Apple fixed the security flaws 10 days after two researchers provided the tip. The company urges all users to download the latest version of iOS. “Apple on Thursday released a patched version of its mobile software, iOS 9.3.5,” reports The New York Times. “Users can get the patch through a normal software update.”