❌

Normal view

There are new articles available, click to refresh the page.
Yesterday β€” 21 December 2024Main stream
Before yesterdayMain stream

The New Jersey Drone Mystery May Not Actually Be That Mysterious

13 December 2024 at 11:48
A flurry of drone sightings across New Jersey and New York has sparked national intrigue and US government responses. But experts are pouring cold water on America’s hottest new conspiracy theory.

The Billion-Dollar Adult Streaming Industry Is Fueled by Horrific Labor Abuses

11 December 2024 at 10:10
Bedbugs and cockroaches. Filthy shared equipment. Constant surveillance, and zero control over their accounts. These are just some of the deplorable conditions adult cammers say they face on the job.

US Officials Recommend Encryption Apps Amid Chinese Telecom Hacking

Plus: Russian spies keep hijacking other hackers’ infrastructure, Hydra dark web market admin gets life sentence in Russia, and more of the week’s top security news.

$1 phone scanner finds seven Pegasus spyware infections

In recent years, commercial spyware has been deployed by more actors against a wider range of victims, but the prevailing narrative has still been that the malware is used in targeted attacks against an extremely small number of people. At the same time, though, it has been difficult to check devices for infection, leading individuals to navigate an ad hoc array of academic institutions and NGOs that have been on the front lines of developing forensic techniques to detect mobile spyware. On Tuesday, the mobile device security firm iVerify is publishing findings from a spyware detection feature it launched in May. Of 2,500 device scans that the company's customers elected to submit for inspection, seven revealed infections by the notorious NSO Group malware known as Pegasus.

The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for potential compromise. But the company also offers a free version of the feature for anyone who downloads the iVerify Basics app for $1. These users can walk through steps to generate and send a special diagnostic utility file to iVerify and receive analysis within hours. Free users can use the tool once a month. iVerify's infrastructure is built to be privacy-preserving, but to run the Mobile Threat Hunting feature, users must enter an email address so the company has a way to contact them if a scan turns up spywareβ€”as it did in the seven recent Pegasus discoveries.

β€œThe really fascinating thing is that the people who were targeted were not just journalists and activists, but business leaders, people running commercial enterprises, people in government positions,” says Rocky Cole, chief operating officer of iVerify and a former US National Security Agency analyst. β€œIt looks a lot more like the targeting profile of your average piece of malware or your average APT group than it does the narrative that’s been out there that mercenary spyware is being abused to target activists. It is doing that, absolutely, but this cross section of society was surprising to find.”

Read full article

Comments

Β© Getty Images

Senators Warn the Pentagon: Get a Handle on China’s Telecom Hacking

4 December 2024 at 08:57
In a letter to the Department of Defense, senators Ron Wyden and Eric Schmitt are calling for an investigation into fallout from the Salt Typhoon espionage campaign.

Malicious Ads in Search Results Are Driving New Generations of Scams

2 December 2024 at 04:00
The scourge of β€œmalvertising” is nothing new, but the tactic is still so effective that it's contributing to the rise of investment scams and the spread of new strains of malware.

The US Is Calling Out Foreign Influence Campaigns Faster Than Ever

22 November 2024 at 12:36
The 2024 elections were a high-water mark for naming and shaming threat actors from foreign governments. There’s still work to be done, though, on how to attribute disinformation campaigns most effectively.

Meta Finally Breaks Its Silence on Pig Butchering

The company gave details for the first time on its approach to combating organized criminal networks behind the devastating scams.

❌
❌