exploits – SSL and internet security news

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

December 20, 2021 infossl

Citizen Lab, cyberweapons, exploits, Security technology, spyware, Uncategorized

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We haven’t heard a lot about Cytrox and its Predator spyware. According to Citzen Lab: We conducted … Read More “More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers” »

Apple Sues NSO Group

November 24, 2021 infossl

apple, courts, exploits, Security technology, spyware, Uncategorized

Piling more on NSO Group’s legal troubles, Apple is suing it: The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. … Read More “Apple Sues NSO Group” »

MacOS Zero-Day Used against Hong Kong Activists

November 12, 2021 infossl

activism, apple, china, cybersecurity, exploits, google, hacking, Security technology, Uncategorized, zero-day

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article: Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised … Read More “MacOS Zero-Day Used against Hong Kong Activists” »

Hacking the Sony Playstation 5

November 10, 2021 infossl

exploits, gaming consoles, hacking, reverse engineering, Security technology, Uncategorized

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming … Read More “Hacking the Sony Playstation 5” »

The Proliferation of Zero-days

September 24, 2021 infossl

china, exploits, hacking, Security technology, Uncategorized, zero-day

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards. At the … Read More “The Proliferation of Zero-days” »

Zero-Click iMessage Exploit

September 17, 2021 infossl

apple, exploits, patching, Security technology, spyware, Uncategorized, vulnerabilities

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit. Powered by WPeMatico

Zero-Click iPhone Exploits

September 1, 2021 infossl

apple, Citizen Lab, cyberweapons, exploits, iphone, malware, Security technology, Uncategorized

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they don’t require to victim to do anything, like click on a link or open a file. The victim receives a text message, and then they … Read More “Zero-Click iPhone Exploits” »

Details on the Unlocking of the San Bernardino Terrorist’s iPhone

April 19, 2021 infossl

apple, exploits, fbi, hacking, iphone, Security technology, terrorism, Uncategorized

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called … Read More “Details on the Unlocking of the San Bernardino Terrorist’s iPhone” »

Exploiting Spectre Over the Internet

March 18, 2021 infossl

exploits, google, Security technology, Uncategorized, vulnerabilities

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to … Read More “Exploiting Spectre Over the Internet” »

Chinese Hackers Stole an NSA Windows Exploit in 2014

March 4, 2021 infossl

china, exploits, hacking, microsoft, nsa, Security technology, Uncategorized, windows

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline: The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including … Read More “Chinese Hackers Stole an NSA Windows Exploit in 2014” »