minute read
Share this article:
The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE.
Four nation-state-backed advanced persistent threats (APTs) hacked Al Jazeera journalists, producers, anchors and executives, in an espionage attack leveraging a zero-day exploit for Apple iPhone, researchers said.
The attack, carried out in July and August, compromised 36 personal phones belonging to the victims, according to Citizen Lab. The firm said that the perpetrators could belong to up to four APTs, including potentially those linked to Saudi Arabia and the United Arab Emirates. All of the operators used the NSO Group’s infamous Pegasus spyware as their final payload.
minute read
Share this article:
The underground payment-card data broker saw its blockchain DNS sites taken offline after an apparent law-enforcement effort – and now Tor sites are down.
Joker’s Stash, the carding site where cybercriminals hawk their payment-card wares, has suffered a blow after law enforcement apparently seized one of its domains.
Joker’s Stash is a popular cybercriminal destination that specializes in trading in payment-card data, offering millions of stolen credit and debit cards to buyers. In October for instance, Dallas-based smoked-meat franchise Dickey’s Barbecue Pit saw 3 million customer payment cards turn up on the site. Anyone purchasing the information can create cloned cards to physically use at ATMs or at in-store machines that aren’t chip-enabled; or, they can simply use the information to buy things online.
minute read
Share this article:
A survey of single people found almost a third are still logging into their ex’s social-media accounts, some for revenge.
UPDATE
Breakups can be traumatic in all sorts of ways. Now we know they can pose a serious cybersecurity threat too. A new survey found that an alarming number of people are still accessing their exes’ accounts without their knowledge a handful for malicious reasons.
The survey conducted during November for Reboot Digital PR Agency found that 70 percent of exes polled have logged into their former partner’s Instagram account in the past week. And a full 65 percent of those who report social-media snooping said it had become an “obsession.”
Investigation reveals device sector is problem plagued when it comes to security bugs.
Smart doorbells, designed to allow homeowners to keep an eye on unwanted and wanted visitors, can often cause more security harm than good compared to their analog door bolt alternatives. Consumer-grade digital doorbells are riddled with potential cybersecurity vulnerabilities ranging from hardcoded credentials, authentication issues and devices shipping with unpatched and longstanding critical bugs.
That fresh assessment comes from NCC Group, which published a report last week outlining “domestic IoT nightmares.” In partnership with the publication Which?, it assessed smart doorbell models made by three vendors Victure, Qihoo and Accfly along with white-box offerings from three additional doorbell makers.
minute read
Share this article:
Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities.
Facebook subsidiary WhatsApp has received new high-caliber support in its case against Israeli intelligence company NSO Group. The court case aims to hold NSO Group accountable for distributing its Pegasus spyware on the popular WhatsApp messaging service with the intent of planting its spyware on phones of journalists and human rights workers.
A group of companies–including tech giants Google, Microsoft and Cisco Systems–have filed a legal brief called an amicus to support WhatsApp against NSO’s alleged illegal cyber-surveillance activities, including selling “cyber-surveillance as a service” to foreign governments and other companies. VMWare and GitHub also signed the brief along with LinkedIn–a Microsoft subsidiary–and the Internet Associat