Bogdan Botezatu from Bitdefender in conversation with Tarnkappe.info (Interview)
Bitdefender security researcher Bogdan Botezatu on government malware, surveillance and a second firewall alongside Windows Defender.
Bogdan Botezatu has been working at Bitdefender as an IT security expert since May 2008. Botezatu has many years of experience in the areas of cyberware as well as mobile and social network malware.
Botezatu kindly answers the many questions of the Tarnkappe.info community. In Bucharest, he works for Bitdefender as Director of Threat Research & Reporting. Botezatu runs his own blog and is reachable via LinkedIn, Twitter and Facebook, for example.
https://tarnkappe.info/bogdan-botezatu-from-bitdefender-in-conversation-with-tarnkappe-info/
#interview #bitdefender
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
You make a privacy-first service → You get banned on Google
TL;DR: Google and Microsoft have super opaque and unpredictable ad moderation.
There are unofficial policies that indirectly ban the advertising of privacy-first services.
DuckDuckGo and StartPage.com use their platforms.
If you’re banned (like I am), unban is highly unlikely to happen, and the chances of your success are extremely low.
This topic is unpleasant, so there won’t be a lot of jokes. You need to have a lot of courage and composure to make jokes about your deadly wound when you’re still severely bleeding.
https://dkzlv.medium.com/google-bans-privacy-first-services-b9452e281439
#DeleteGoogle #google #privacy
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Introduction: Singleboard Computers vs Microcontrollers (Explained)
Singleboard computers vs Microcontrollers explained.
Singleboard computers like Pine64 A64 LTS or Raspberry Pi run entire operating systems such as Linux, FreeBSD, whereas microcontrollers such as the ESP32 focus on specialized tasks yet use much less power.
There are many ways to get into this, and I will be doing a series coming up to help people get into Singleboard computers and Microcontrollers using security/privacy benefits I think you will find useful.
https://devtube.dev-wiki.de/videos/watch/405263e6-c746-4ffe-88b0-9a4b2e922ead
#rasperry #pine #microcontrollers #ESP32
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
Brazil’s Anti-Piracy “Operation 404” Leads to Arrests, Shutdowns, and Site Blocking
Brazilian law enforcement agencies have announced the third wave of anti-piracy "Operation 404." With support from the United States and the UK, the authorities blocked or shut down 334 websites and 94 piracy apps, while making five arrests. The blocking targets include 1337x and The Pirate Bay but those domains were not seized.
In the fall of 2019, Brazilian law enforcement conducted a large anti-piracy campaign codenamed ‘Operation 404,’ referring to the well-known HTTP error code.
With help from international law enforcement, the authorities took down hundreds of sites and apps and arrested several suspects.
A year later a new wave of anti-piracy action followed. Under the banner “Operation 404 #2”, law enforcement authorities blocked or seized the domain names of more than 300 pirate sites and streaming apps.
Operation 404 #3
Last week, Brazil’s Ministry of Justice announced the third wave of Operation 404. With 11 search and seizure warrants in hand, law enforcement officials blocked or seized the domains of 334 websites, 94 piracy apps, and 20 IP addresses.
https://torrentfreak.com/brazils-anti-piracy-operation-404-leads-to-arrests-shutdowns-and-site-blocking-210712/
#AntiPiracy #brazil #shutdown #siteblocking #1337x #PirateBay
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Hackers Move to Extort Gaming Giant EA
After trying to sell a cache of stolen data, hackers are now dumping some of the information publicly in the hopes of forcing EA to pay a ransom.
The hackers who previously stole a wealth of data from gaming giant Electronic Arts have moved from trying to sell that data to now releasing parts of it publicly. In one message on a forum accompanying the data dump, the hackers say explicitly they are trying to extort EA as well.
"Few week ago we send email for ransome [sic] to EA but we dont get any response so we will posting the src [source]," one of the posts from the hackers reads. A compressed, 1.3GB cache the hackers released appears to include references to internal EA tools and the company's Origin store, according to a copy viewed by Motherboard.
"If they dont contact us or dont pay us we will keep posting it," the hackers threatened. The data they stole totals in at around 780GB, Motherboard previously reported. That data includes source code for the Frostbite engine, used in games such as Battlefield; internal development tools, and software development kits (SDKs). The hackers also provided Motherboard with screenshots that appear to show data related to The Sims.
https://www.vice.com/en/article/m7e57n/hackers-extort-ea-fifa
#ea #games #hacked #hacker #ransom
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Fast API resolving of REvil Ransomware related to Kaseya attack
This sample of REvil ransomware dynamically resolves API functions via API name hashing. In this video I will show you 4 fast methods for doing the API resolving of REvil ransomware related to the Kaseya attack.
3 methods are for IDA Pro (renimp.idc + memsnapshot, Universal Unpacker Manual Reconstruct, Pe-Tree) and the last method uses x64dbg + Scylla plugin.
https://www.youtube.com/watch?v=QYQQUUpU04s
#revil #ransomware #kaseya #api #resolving #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
A Conversation with Daniel Ellsberg - by Edward Snowden.mpeg
35.8 MB
A Conversation with Daniel Ellsberg - The whistleblower who started it all
For the Fourth of July, I reached out to an old friend, Daniel Ellsberg, to experiment with recording little conversations for you about big topics. Production quality will be a bit rough around the edges until I get the hang of it, but I hope you enjoy it.
https://edwardsnowden.substack.com/p/ellsberg1
#snowden #ellsberg #whistleblower #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv
Linux version of HelloKitty ransomware targets VMware ESXi servers
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage.
As the enterprise increasingly moves to virtual machines for easier backup and resource management, ransomware gangs are evolving their tactics to create Linux encryptors that target these servers.
VMware ESXi is one of the most popular enterprise virtual machine platforms. Over the past year, there has been an increasing number of ransomware gangs releasing Linux encryptors targeting this platform.
https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/
#hellokitty #linux #ransomware
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Security Analysis of Telegram (Symmetric Part)
We performed a detailed security analysis of the encryption offered by the popular Telegram messaging platform. As a result of our analysis, we found several cryptographic weaknesses in the protocol, from technically trivial and easy to exploit to more advanced and of theoretical interest.
For most users, the immediate risk is low, but these vulnerabilities highlight that Telegram fell short of the cryptographic guarantees enjoyed by other widely deployed cryptographic protocols such as TLS. We made several suggestions to the Telegram developers that enable providing formal assurances that rule out a large class of cryptographic attacks, similarly to other, more established, cryptographic protocols.
We disclosed the following vulnerabilities to the Telegram development team on 16 April 2021 and agreed with them on a disclosure on 16 July 2021:
https://mtpsym.github.io/
💡 Read as well: Four cryptographic vulnerabilities in Telegram
https://t.iss.one/BlackBox_Archiv/2391
#telegram #messenger #security #vulnerabilities #disclosure
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus
💡 Summary:
— Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts.
— Using Internet scanning we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.
— We identified a politically active victim in Western Europe and recovered a copy of Candiru’s Windows spyware.
— Working with Microsoft Threat Intelligence Center (MSTIC) we analyzed the spyware, resulting in the discovery of CVE-2021-31979 and CVE-2021-33771 by Microsoft, two privilege escalation vulnerabilities exploited by Candiru. Microsoft patched both vulnerabilities on July 13th, 2021.
— As part of their investigation, Microsoft observed at least 100 victims in Palestine, Israel, Iran, Lebanon, Yemen, Spain, United Kingdom, Turkey, Armenia, and Singapore. Victims include human rights defenders, dissidents, journalists, activists, and politicians.
— We provide a brief technical overview of the Candiru spyware’s persistence mechanism and some details about the spyware’s functionality.
— Candiru has made efforts to obscure its ownership structure, staffing, and investment partners. Nevertheless, we have been able to shed some light on those areas in this report.
https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/
#candiru #mercenary #spyware #israel
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Four cryptographic vulnerabilities in Telegram
An international research team of cryptographers completed a detailed security analysis of the popular Telegram messaging platform identifying several weaknesses in its protocol that demonstrate the product falls short of some essential data security guarantees.
💡 First, the “crime-pizza” vulnerability
Researchers assessed that the most significant vulnerabilities relate to the ability of an attacker on the network to manipulate the sequencing of messages coming from a client to one of the cloud servers that Telegram operates globally. Imagine the potential damage that could occur in swapping the sequence of messages. For example, if the order of the messages in the sequence “I say ’yes’ to”, “pizza”, “I say ’no’ to”, “crime” was altered then it would appear that the client is declaring their willingness to commit a crime.
💡 Second, the “every bit of information is too much” attack
Mostly of theoretical interest, this vulnerability allows an attacker on the network to detect which of two messages is encrypted by a client or a server. Cryptographic protocols are designed to rule out even such attacks.
💡 Third, the “adjust your clocks” attack
Researchers studied the implementation of Telegram clients and found that three - Android, iOS, and Desktop - contained code which, in principle, permitted attackers to recover some plaintext from encrypted messages. While this seems alarming, it would require an attacker to send millions of carefully crafted messages to a target and observe minute differences in how long the response takes to be delivered. Nevertheless, if this type of attack were successful it would be devastating for the confidentiality of Telegram messages and, of course, its users. Fortunately, this attack is almost impossible to pull off in practice. But, before you breathe a sigh of relief, this type of attack is mostly mitigated by the sheer coincidence that some metadata in Telegram is selected at random and kept secret.
💡 Fourth, the “piggy in the middle” game
The researchers also show how an attacker can mount an "attacker-in-the-middle" type of attack on the initial key negotiation between the client and the server. This allows an attacker to impersonate the server to a client, enabling it to break both the confidentiality and integrity of the communication. Luckily this attack, too, is quite difficult to pull off as it requires the attacker to send billions of messages to a Telegram server within minutes. However, this attack highlights that while users are required to trust Telegram’s servers, the security of Telegram's servers and their implementations cannot be taken for granted.
⚠️ As is usual in this area of research, the team informed Telegram developers of their findings 90 days prior to making them public, offering the company ample time to address the issues identified. In the meantime, Telegram has reacted to the results and fixed the security issues found by the researchers with software updates.
💡 Read as well: Security Analysis of Telegram (Symmetric Part)
https://t.iss.one/BlackBox_Archiv/2389
https://ethz.ch/en/news-and-events/eth-news/news/2021/07/four-cryptographic-vulnerabilities-in-telegram.html
#telegram #messenger #security #vulnerabilities #disclosure
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Is Proton Mail Really Private, Secure, and Anonymous?
In this video I tackle the topic of whether or not Proton mail is Really Private, Secure, and Anonymous.
Privacy Watchdogs article about Proton mail being a honey pot, which covers some of the issues in this video in more detail, plus other things I didn't talk about.
https://lbry.tv/@AlphaNerd:8/is-proton-mail-really-private,-secure,:f
#protonmail #privacy #security #anonymous #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
Phishing Army
Phishing is a critical cyber-attack vector - Let's fight the criminals!
Compatible with Pi-hole, AdAway, Blokada, AdGuard and any other Host/DNS filtering system. Already included in NextDNS Threat Intelligence Feed.
Generated every 6 hours from PhishTank, OpenPhish, Cert.pl, PhishFindR, Urlscan.io and Phishunt.io reports. Each domain is analyzed to eliminate false positives, through the Whitelist of Anudeep and the Alexa Rank.
👉🏼 Get the Blocklist:
https://phishing.army/download/phishing_army_blocklist.txt
👉🏼 Get the Extended Blocklist:
https://phishing.army/download/phishing_army_blocklist_extended.txt
💡 Extended or Normal Blocklist:
The difference is in the subdomains. The phishing kits can be reached even without subdomains. The extended blocklist also contains domains without subdomains. For example, it will contain the domain pay.phishing.com and phishing.com.
https://phishing.army/
#phishing #blocklist #host #dns #filtering
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Revealed: leak uncovers global abuse of cyber-surveillance weapon
Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests.
Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.
The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.
Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.
The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.
Forbidden Stories, a Paris-based media nonprofit organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.
The presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject to an attempted hack. However, the consortium believes the data is indicative of the potential targets NSO’s government clients identified in advance of possible surveillance attempts.
https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus
https://nitter.net/Snowden/status/1416797153524174854
#leak #surveillance #nso #pegasus #spyware
Amazon Shuts Down NSO Group Infrastructure
The move comes as activist and media organizations publish new findings on the Israeli surveillance vendor.
Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli surveillance vendor NSO Group, Amazon said in a statement.
The move comes as a group of media outlets and activist organizations published new research into NSO's malware and phone numbers potentially selected for targeting by NSO's government clients.
"When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts," an AWS spokesperson told Motherboard in an email.
Amnesty International published a forensic investigation on Sunday that, among other things, determined that NSO customers have had access to zero-day attacks in Apple's iMessage as recently as this year. As part of that research, Amnesty wrote that a phone infected with NSO's Pegasus malware sent information "to a service fronted by Amazon CloudFront, suggesting NSO Group has switched to using AWS services in recent months." The Amnesty report included part of the same statement from Amazon, showing Amnesty contacted the company before publication.
https://www.vice.com/en/article/xgx5bw/amazon-aws-shuts-down-nso-group-infrastructure
💡 Read as well: Revealed: leak uncovers global abuse of cyber-surveillance weapon
https://t.iss.one/BlackBox_Archiv/2394
#leak #surveillance #nso #pegasus #spyware #amazon #aws
MAGA World’s ‘Freedom Phone’ Actually Budget Chinese Phone
MAGA Influencers are pushing a phone preloaded with apps like Parler and Rumble that appears to be a vastly more expensive version of a phone made in China.
The pro-Trump internet went wild on Wednesday for the Freedom Phone, a $500 smartphone that comes stocked with conservative apps and promises to liberate anyone else who buys it from Silicon Valley censorship. The American flag-branded phone was immediately promoted by a wide range of right-wing figures, including former Trump adviser Roger Stone, Jan. 6 rally organizer Ali Alexander, and pundit Dinesh D’Souza.
“I’m holding a freaking phone that is not controlled by Apple or Google,” conservative personality Candace Owens told her fans in an Instagram video. “We made the switch immediately.”
Despite being lauded by some of the right-wing media’s leading figures, though, the Freedom Phone’s buyers could be getting less than they expect for its $500 price tag. That’s because the Freedom Phone appears to be merely a more expensive rebranding of a budget Chinese phone available elsewhere for a fraction of the Freedom Phone’s price.
The Freedom Phone was created by Erik Finman, the self-proclaimed “youngest bitcoin millionaire” and one of Time Magazine’s “Most Influential Teens of 2014.” In a video announcing the phone, Finman said he was inspired to create the phone after the tech giants’ crackdown on both Donald Trump and conservative social media app Parler in the wake of the Jan. 6 riot.
“Imagine if Mark Zuckerberg censored MLK or Abraham Lincoln,” Finman said in the video.
Freedom Phone’s website is nearly totally devoid of technical information about the device. Finman declares in the promotional video that the Freedom Phone is “comparable to the best smartphones on the market” and “truly is the best phone in the world.”
In fact, Freedom Phone appears to be a simple rebranding of a budget phone called the “Umidigi A9 Pro,” made by the Chinese tech company Umidigi. In an interview with The Daily Beast, Finman confirmed that the Freedom Phone was manufactured by Umidigi, but couldn’t say immediately which Umidigi phone it was based on.
https://www.thedailybeast.com/maga-worlds-freedom-phone-actually-budget-chinese-phone
💡 Read as well:
https://t.iss.one/neo_network/249
#usa #freedomphone #china #finman #TodlerTrump #umidigi #shenzhen
An unprecedented group of allies and partners – including the European Union, the United Kingdom, and NATO – are joining the United States in exposing and criticizing the PRC’s malicious cyber activities.
The United States has long been concerned about the People’s Republic of China’s (PRC) irresponsible and destabilizing behavior in cyberspace. Today, the United States and our allies and partners are exposing further details of the PRC’s pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to U.S. and allies’ economic and national security.
An unprecedented group of allies and partners – including the European Union, the United Kingdom, and NATO – are joining the United States in exposing and criticizing the PRC’s malicious cyber activities.
The PRC’s pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world. Today, countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activities is bringing them together to call out those activities, promote network defense and cybersecurity, and act to disrupt threats to our economies and national security.
Our allies and partners are a tremendous source of strength and a unique American advantage, and our collective approach to cyber threat information sharing, defense, and mitigation helps hold countries like China to account. Working collectively enhances and increases information sharing, including cyber threat intelligence and network defense information, with public and private stakeholders and expand diplomatic engagement to strengthen our collective cyber resilience and security cooperation. Today’s announcement builds on the progress made from the President’s first foreign trip. From the G7 and EU commitments around ransomware to NATO adopting a new cyber defense policy for the first time in seven years, the President is putting forward a common cyber approach with our allies and laying down clear expectations and markers on how responsible nations behave in cyberspace.
https://telegra.ph/The-United-States-Joined-by-Allies-and-Partners-Attributes-Malicious-Cyber-Activity-and-Irresponsible-State-Behavior-to-the-Peop-07-19
via www.whitehouse.gov
#usa #nato #eu #china #prc #malicious #internet #cyberdefence
musescore-downloader
download sheet music from musescore.com for free, no login or Musescore Pro required
Musescore Pro ($6.99/mo) has recently become required to download sheet music from musescore.com.
(However, a few months ago, it was free to download.)
The Musescore company said that this is about copyright and licensing, and they must pay the copyright owners.
Many pieces of music on musescore.com are already in the Public Domain, which means either the author released them into the Public Domain, or the author has been dead for over 70 years.
Do they need to pay those composers who died hundreds of years ago?
Update: sheets in the Public Domain can now be downloaded without Musescore Pro, but we still need an account to access them.
Also, there are many sheet music authors on musescore.com who created their own songs and posted them under CC-BY-NC (Creative Commons Attribution-NonCommercial) License.
Is it illegal that they sell them for profit?
Note: Putting ads (to sell Musescore Pro) on the website also means that they use it to generate revenue.
This is absolutely not acceptable, and the only purpose is to profit from stealing.
https://github.com/Xmader/musescore-downloader
💡 Read as well:
https://web.archive.org/web/20210719115639if_/https://github.com/Xmader/musescore-downloader/issues/5#issuecomment-882450335
⚠️ For the purposes of research and study only
#musescore #downloader #tool
GitHub
GitHub - Xmader/musescore-downloader: ⚠️ This repo has moved to https://github.com/LibreScore/dl-librescore ⚠️ | Download sheet…
⚠️ This repo has moved to https://github.com/LibreScore/dl-librescore ⚠️ | Download sheet music (MSCZ, PDF, MusicXML, MIDI, MP3, download individual parts as PDF) from musescore.com for free, no lo...
Apple under pressure over iPhone security after NSO spyware claims
Tech group urged to collaborate with rivals following alleged Pegasus surveillance of journalists and activists
Apple has come under pressure to collaborate more with its Silicon Valley rivals in order to fend off the common threat of surveillance technology, after a report alleged that NSO Group’s Pegasus spyware was used to target journalists and human rights activists.
Amnesty International, which analysed dozens of smartphones targeted by clients of NSO, said Apple’s marketing claims about its devices’ superior security and privacy had been “ripped apart” by the discovery of vulnerabilities in even the most recent versions of its iPhones and iOS software.
“Thousands of iPhones have potentially been compromised,” said Danna Ingleton, deputy director of Amnesty’s tech unit. “This is a global concern — anyone and everyone is at risk, and even technology giants like Apple are ill-equipped to deal with the massive scale of surveillance at hand.”
Security researchers say that Apple could do more to tackle the problem by working with other tech companies to share details about vulnerabilities and vet their software updates.
“Apple unfortunately do a poor job at that collaboration,” said Aaron Cockerill, chief strategy officer at Lookout, a mobile security provider, describing iOS as a “black box” compared with Google’s Android, where it is “much easier to identify malicious behaviour”.
Amnesty worked with the journalism non-profit Forbidden Stories and 17 media partners on the “Pegasus Project” to identify alleged targets of surveillance.
NSO, which says its technology was designed only to target criminal or terrorist suspects, has described the Pegasus Project’s claims as “false allegations” and “full of wrong assumptions and uncorroborated theories”.
Amnesty’s research found that several attempts to steal data and eavesdrop on iPhones had been made through Apple’s iMessage using so-called “zero-click” attacks, which work without the user needing to tap a link.
Bill Marczak, research fellow at Citizen Lab, a non-profit group that has extensively documented NSO’s tactics, said Amnesty’s findings suggested that Apple had a “major blinking red five-alarm-fire problem with iMessage security”.
(Paywall) https://www.ft.com/content/898e14b1-a4e1-4443-8d9a-8b5ff5238396
#leak #surveillance #nso #pegasus #spyware #apple #iMessage
A Look at Glytch's Pocket Hardware Hacking Kit
Glytch is back again, this time with a cursed video! You read that right, this one has been a bit of a problem...But it's here, sit back, relax, and watch Glytch ramble on about another mishmash of hardware in a fabric package, this time on Hak5!
https://www.youtube.com/watch?v=GI9eWmk54ro
#hak5 #video
What protects against Pegasus
The spy software is sophisticated. Anyone who is to be spied on with this software is largely unprotected. But there are a few ways to make the attackers' work more difficult.
💡 The good news about Pegasus is that the notorious spyware is not a tool for mass surveillance. Unlike the tools of NSA and Co., it is - as far as is known - not used to intercept data of millions of people, but very specifically positioned against individuals and their environment. The NSO Group also charges its customers a lot of money for each individual connection it intercepts. There is talk of the equivalent of several thousand euros.
Although the Pegasus Project's research shows that the devices of tens of thousands of people have been targeted by NSO customers, these are mainly activists, journalists and politicians - in short, people who are in the public eye - in addition to many suspected criminals. It is therefore unlikely that "ordinary citizens" will ever come into contact with such technology.
💡 The bad news, however, is that anyone who is to be spied on with Pegasus is largely defenseless. As far as is known, the spy software works on iPhones as well as Blackberrys, and the Android operating system offers no protection either. "There is no effective way for a user to defend against this type of attack," warns IT security expert Claudio Guarnieri of the Amnesty International Security Lab. Leaving the cell phone at home altogether or putting it in another room for confidential conversations is the best protection.
If you don't want to do this, you can at least make it more difficult for attackers to do their work. For example, you should always use the latest version of the operating system. As a rule, security gaps are also closed with every update. You should never click on links in messages from unknown senders. Security experts also recommend deactivating Apple's iMessage service and Facetime, as these are known gateways for Pegasus. It can also help to use a so-called Virtual Private Network - VPN for short - to surf the Internet. IT experts have also observed that when a device is infected with the Pegasus software, turning it off and on again helps - at least in the short term. This puts the software out of operation, but only until the next attack.
https://projekte.sueddeutsche.de/artikel/politik/pegasus-project-was-vor-nso-spaehsoftware-schuetzt-e876744/
#leak #surveillance #nso #pegasus #spyware #protection