Patched bugs in Apple and Google software exploited in spyware attacks: Report
1 year, 2 months ago

Patched bugs in Apple and Google software exploited in spyware attacks: Report

The Hindu  

Security bugs in Apple’s iOS and Google’s Chrome were found to have been exploited by threat actors to infect devices with Cytrox’s Predator spyware. The bugs, that were recently patched, were abused as part of an exploit chain to install the spyware, Citizen Lab and Google’s Threat Analysis Group shared in a blog post. Some of the domains used to target the devices identified “appeared to be geared at targets in countries previously identified as Cytrox Predator customers, including Egypt, Greece, and Madagascar” Citizen Lab and Google’s Threat Analysis Group shared. “Given that Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the network injection attack to the Egyptian government with high confidence,” Citizen Lab said. Citizen Lab security researchers also disclosed two other zero-day vulnerabilities fixed by Apple in its emergency security updates that were abused as part of another zero-click exploit to infect fully patched iPhones with NSO Group’s Pegasus.

Security Google Apple Egypt Egyptian Spyware Citizen Lab Software Exploited  spyware  apple  software  exploited  bugs  predator  security  report  lab  threat  exploit  updates  googles  devices  google  egypt  patched  attacks

History of this topic

A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections
2 weeks, 5 days ago

A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections

Wired  

In recent years, commercial spyware has been deployed by more actors against a wider range of victims, but the prevailing narrative has still been that the malware is used in targeted attacks against an extremely small number of people. The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies …

Apple asks users to update software as soon as possible to fix security issues
4 weeks, 1 day ago

Apple asks users to update software as soon as possible to fix security issues

The Independent  

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox Sign up to our free IndyTech newsletter Sign up to our free IndyTech newsletter SIGN UP I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy Apple has released a new software update with “important security fixes” for iPhones, …

Apple, Google to fix a decade-old flaw that could compromise security on their browsers: Report
4 months, 2 weeks ago

Apple, Google to fix a decade-old flaw that could compromise security on their browsers: Report

The Hindu  

Apple will reportedly fix an 18-year-old exploit in its latest update for the Safari browser. Known as the ‘0.0.0’ security vulnerability, the exploit can be used by websites to send malicious requests to a browser. These malicious requests can be used by attackers to access internal private networks available on the victims’ device, opening their organisations network to a plethora …

Google fixes fifth –zero-day vulnerability in Chrome’s latest security update
7 months, 1 week ago

Google fixes fifth –zero-day vulnerability in Chrome’s latest security update

The Hindu  

Google released a security update for Chrome to fix a zero-day vulnerability. The security vulnerability was being exploited in the wild, and could result in data leakage, code execution and crashes in the software. The flaw can be misused to access data by other software or components and could result in data leakage, code execution and crashes in the software. …

Google fixes mulitple vulnerabilities in Android’s security update: Report
1 year, 2 months ago

Google fixes mulitple vulnerabilities in Android’s security update: Report

The Hindu  

Google released fixes for 54 unique vulnerabilities, including two known to have been actively exploited, in its Android security update. Of the 54 fixes concerning Android 11 through 13, five were rated critical, and two concerned remote code execution issues. The update from Google follows the standard system of releasing two patch levels, one that focuses on core Android components, …

Apple, Microsoft, and Google Just Fixed Multiple Zero-Day Flaws
1 year, 2 months ago

Apple, Microsoft, and Google Just Fixed Multiple Zero-Day Flaws

Wired  

Fall is here, but hot zero-day summer shows no signs of cooling down, with the likes of Apple, Microsoft, and Google fixing flaws being used in real-life attacks. First came iOS 16.6.1, an emergency security update released on September 9 to fix two flaws already being used in so-called “zero-click” attacks. The surprise iOS 17.0.1 upgrade was important because it …

Leading Egyptian opposition politician targeted with spyware, researchers find
1 year, 2 months ago

Leading Egyptian opposition politician targeted with spyware, researchers find

Associated Press  

BOSTON — A leading Egyptian opposition politician was targeted with spyware multiple times after announcing a presidential bid — including with malware that automatically infects smartphones, security researchers have found. Citizen Lab said in a blog post that attempts beginning in August to hack former Egpytian lawmaker Ahmed Altantawy involved configuring his phone’s connection to the Vodaphone Egypt mobile network …

New flaw in Apple devices led to spyware infection, researchers say
1 year, 3 months ago

New flaw in Apple devices led to spyware infection, researchers say

The Hindu  

Researchers at digital watchdog group Citizen Lab said on Thursday they found spyware they linked to Israeli firm NSO that exploited a newly discovered flaw in Apple devices. While inspecting the Apple device of an employee of a Washington-based civil society group last week, Citizen Lab said it found the flaw had been used to infect the device with NSO's …

Previously unknown iOS malware, and updated toolsets key threats revealed in cyber security: Report
1 year, 4 months ago

Previously unknown iOS malware, and updated toolsets key threats revealed in cyber security: Report

The Hindu  

The emergence of new Advanced Persistent Threat actors, the use of updated tool kits, and the creation of new malware variants along with the adoption of fresh techniques by cybercriminals were found to be the key trends in the cybersecurity landscape in Q2 2023. New threat actors belonging to the ‘Elephants’ family, operating in the Asia-Pacific region, dubbed “Mysterious Elephant” …

Israeli firm NSO’s spyware again hacking iPhones: Report
1 year, 8 months ago

Israeli firm NSO’s spyware again hacking iPhones: Report

Al Jazeera  

A research group says the Israeli NSO Group’s spyware was used to launch at least three “zero click” attacks on the iPhones of civil society members last year. Citizen Lab released its findings on Tuesday into NSO’s global reach after its software infected the phones of at least two human rights defenders in Mexico in 2022. ‘Penetrate and perhaps blunt’ …

Google spots spyware campaigns targeting Android, iOS, and Chrome
1 year, 8 months ago

Google spots spyware campaigns targeting Android, iOS, and Chrome

The Hindu  

Google researchers detected two spyware campaigns that were using various zero-day exploits alongside n-day exploits to target Android, iOS, and Chrome. The link would then redirect them to legitimate websites such as the page to track shipments, or a popular Malaysian website to avoid detection The campaign was also found to be sharing the GPS location of devices while allowing …

Bug fixes this week | Vulnerabilities in Apple, Google, and Cisco products fixed
1 year, 9 months ago

Bug fixes this week | Vulnerabilities in Apple, Google, and Cisco products fixed

The Hindu  

The Indian Computer Emergency Response Team released multiple vulnerability notes detailing security bugs detected in commonly used software from Apple, Google, and Cisco. The security bugs could be exploited by attackers to gain elevated privileges, execute arbitrary code, access sensitive information by bypassing security restrictions, and could even lead to denial-of-services on targeted systems. Google Chrome for Windows and Linux …

Bug fixes this week | Vulnerabilities in Apple, Microsoft, Google, and Adobe products fixed
1 year, 10 months ago

Bug fixes this week | Vulnerabilities in Apple, Microsoft, Google, and Adobe products fixed

The Hindu  

During the week, the Indian Computer Emergency Response Team, released reports for security bugs affecting software including Apple’s iOS, iPadOS, and macOS, Microsoft’s Edge browser, Google Chrome, and Adobe products. Security bugs could be exploited by attackers to gain elevated privileges, execute arbitrary code, and gain access to sensitive information on targeted systems. Google Chrome Multiple security bugs were reported …

Apple releases updates fixing security bug exploited to hack iPhones and Macs: Report
1 year, 10 months ago

Apple releases updates fixing security bug exploited to hack iPhones and Macs: Report

The Hindu  

Apple, on Monday, released emergency security updates to address a new zero-day vulnerability used in attacks targeting iPhones, iPads, and Macs, a report from Bleepingcomputer shared. The security bug was found to be caused by a WebKit confusion that could be exploited to cause the operating system to crash and execute maliciously crafted codes on the affected devices. In Mac, …

Bug fixes this week | Vulnerabilities in Apple, Microsoft, Google, and Samsung products fixed
1 year, 10 months ago

Bug fixes this week | Vulnerabilities in Apple, Microsoft, Google, and Samsung products fixed

The Hindu  

The Indian Computer Emergency Response Team, released vulnerability notes for commonly used software detailing security bugs that could be exploited by cybercriminals to compromise the security of affected systems. The security bugs could be exploited by remote threat actors to gain elevated privileges and bypass security restrictions on targeted systems by escaping the browser’s sandbox, which is used to run …

Bug fixes this week | Vulnerabilities in Microsoft, Mozilla, Zoho, and Cisco products fixed
1 year, 11 months ago

Bug fixes this week | Vulnerabilities in Microsoft, Mozilla, Zoho, and Cisco products fixed

The Hindu  

Microsoft Edge Multiple high-severity vulnerabilities were reported in Microsoft’s Edge which could be exploited by cybercriminals to gain elevated privileges and execute arbitrary code on targeted systems. Mozilla Firefox High-severity security bugs were detected in Mozilla Firefox versions, which could be exploited by remote attackers to perform attacks, bypass security restrictions, access sensitive information, and execute arbitrary code on targeted …

Vulnerabilities in Google’s Chrome, Chrome OS, Windows, and Adobe products fixed - The Hindu
1 year, 11 months ago

Vulnerabilities in Google’s Chrome, Chrome OS, Windows, and Adobe products fixed - The Hindu

The Hindu  

Google Chrome and Chrome OS Multiple security bugs with high severity ratings were detected in Google Chrome and Chrome OS which could be exploited by remote attackers to bypass security restrictions, access user information, execute arbitrary code, or cause denial-of-service on the targeted systems. The security bugs reported in Adobe could allow attackers to execute arbitrary codes, cause memory leaks, …

Apple fixes Mac Gatekeeper bypass vulnerability affecting even Lockdown Mode devices
2 years ago

Apple fixes Mac Gatekeeper bypass vulnerability affecting even Lockdown Mode devices

The Hindu  

Apple fixed a serious vulnerability in its Mac Gatekeeper that could allow malware to bypass checks and infect devices via untrusted applications, according to a report from BleepingComputer. The flaw would allow attackers to abuse a logic issue to set Restrictive Control List Permissions, which is designed to block web browsers and internet downloaders from downloading and setting quarantine restrictions …

Apple's new iPhone and iPad updates fix critical security flaw, users must update immediately
2 years, 1 month ago

Apple's new iPhone and iPad updates fix critical security flaw, users must update immediately

India Today  

Apple recently started rolling out new software updates for iPhones and iPads. The software versions, iOS 16.1 and iPadOS 16, introduced some new features, but Apple has now clarified the updates also address a critical security flaw. A spreadsheet by a Google researcher points out that CVE-2022-42827 is the seventh zero-day vulnerability Apple patched this year. Apple's Support page also …

Google fixes multiple security bugs in Android, Chrome OS
2 years, 2 months ago

Google fixes multiple security bugs in Android, Chrome OS

The Hindu  

Multiple high-severity vulnerabilities were reported in some versions of Android and Chrome OS. Android Security bugs in Android could be exploited by an attacker to elevate their privileges thereby gaining access to sensitive information on affected devices. CERT-In’s report flagged Android OS versions 10, 11, 12, 12L and 13 for these security bugs. Google Chrome OS Security bugs in Chrome …

Google fixes several bugs in Chrome affecting Windows, Mac users
2 years, 2 months ago

Google fixes several bugs in Chrome affecting Windows, Mac users

The Hindu  

On Friday, Computer Emergency Response Team released notes on bugs affecting Chrome. The security bugs can allow cybercriminals to bypass security restrictions on the browser, execute arbitrary codes and cause denial of services on computer systems running vulnerable versions of the software. According to vulnerability notes from CERT-In, these security flaws in Chrome existed due to use-after-free in CSS, which …

Apple warns of security flaw for iPhones, iPads and Macs
2 years, 4 months ago

Apple warns of security flaw for iPhones, iPads and Macs

The Hindu  

Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices. For most folks: update software by end of day If threat model is elevated : update now https://t.co/BUEn08260X — Rachel Tobac August 18, 2022 Apple’s explanation of the vulnerability means a hacker could get “full admin access" to …

Apple warns of security flaw for iPhones, iPads and Macs
2 years, 4 months ago

Apple warns of security flaw for iPhones, iPads and Macs

Associated Press  

SAN FRANCISCO — Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices. That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security. Security experts have advised users to update affected devices — the …

Update your iPhone! Why Union minister is warning Apple devices are at risk
2 years, 4 months ago

Update your iPhone! Why Union minister is warning Apple devices are at risk

Firstpost  

Several devices including the iPhone6S and later models, Ipads 5th generation and newer, all iPad Pros, the iPad Air 2 and Mac computers running macOS Monterey are vulnerable. Update ur iphones wth 15.6.1 to avoid zero-day exploit vulnerabilitiea ⁦@IndianCERT⁩ ⁦@GoI_MeitY⁩ Apple releases iOS, iPadOS and macOS security fixes for two zero-days under active attack https://t.co/uKQbd0oDG1 — Rajeev Chandrasekhar 🇮🇳 August …

For Apple and Google, fight against state-sponsored spyware isn’t getting easier
3 years ago

For Apple and Google, fight against state-sponsored spyware isn’t getting easier

Hindustan Times  

Just days after Apple filed a lawsuit against the Israeli firm NSO Group for the surveillance and targeting of Apple users with the Pegasus spyware, the tech giant has also detailed how it detects traces and activities that are generally consistent with a state- Google, meanwhile, continues to face its own set of challenges with regards to curbing spyware on …

Apple issues urgent security update for all iPhone, iPad and Mac users
3 years, 3 months ago

Apple issues urgent security update for all iPhone, iPad and Mac users

The Independent  

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox Sign up to our free IndyTech newsletter Sign up to our free IndyTech newsletter SIGN UP I would like to be emailed about offers, events and updates from The Independent. Researchers at the University of Toronto’s Citizen Lab said they found malicious image files being transmitted to …

Apple rolls out urgent software update for iPhone to fix Pegasus-related vulnerability
3 years, 3 months ago

Apple rolls out urgent software update for iPhone to fix Pegasus-related vulnerability

India Today  

Apple has rolled out a software update for the iPhone that patches a critical vulnerability, which, according to some researchers, has been exploited using surveillance software to snoop on a Saudi activist. According to the researchers, the exploit, called CVE-2021-30860, was being used to target journalists and human rights activists in Saudi Arabia and other countries through the notorious surveillance …

Apple patches exploit attributed to Pegasus
3 years, 3 months ago

Apple patches exploit attributed to Pegasus

The Hindu  

Apple released an emergency software patch to fix a security vulnerability that researchers said could allow hackers to directly infect Apple devices without any user action. The researchers at the University of Toronto’s Citizen Lab said the flaw allowed Pegasus spyware from the world’s most infamous hacker-for-hire firm, NSO Group, to directly infect the iPhone of a Saudi activist. Although …

Apple fixes flaw exploited by Israeli firm’s Pegasus spyware
3 years, 3 months ago

Apple fixes flaw exploited by Israeli firm’s Pegasus spyware

Al Jazeera  

The flaw, disclosed Monday by Citizen Lab, allowed a hacker using NSO’s malware Pegasus to gain access to a device owned by a Saudi activist, according to security researchers. Apple Inc. said it patched a security flaw in the Messages app after security researchers determined that Israel-based NSO Group used it to “exploit and infect” the latest devices with spyware. …

Pegasus: Are you at risk? Steps to protect yourself from spyware
3 years, 5 months ago

Pegasus: Are you at risk? Steps to protect yourself from spyware

India TV News  

An international media consortium has published reports claiming NSO Group clients used Pegasus spyware to hack phones of politicians including the ruling party members, journalists, human rights activists and others. The reports claimed that former Congress chief Rahul Gandhi, BJP ministers Ashwini Vaishnaw and Prahlad Singh Patel, as also former election commissioner Ashok Lavasa and poll strategist Prashant Kishor were …

Pegasus spyware leak shows Apple needs to ramp up iPhone security big time
3 years, 5 months ago

Pegasus spyware leak shows Apple needs to ramp up iPhone security big time

India Today  

Apple for long has taken a lot of pride in the secure experience it offers to the users. But, even Apple has been left red-faced with the latest Pegasus spyware leak which shows that the Cupertino-based tech giant needs to ramp up its security. For over a decade, Apple has led the industry in security innovation and, as a result, …

Apple condemns Pegasus spyware attack, says it is working on added protection
3 years, 5 months ago

Apple condemns Pegasus spyware attack, says it is working on added protection

India Today  

Apple, the tech giant which emphasises user privacy, was a victim of Pegasus spyware attack that snooped on journalists, activists and some government officials. The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit and this exploit could have been used to install Pegasus software on the iPhone devices of the targeted entities. While that means …

Google rolls security update for Chrome, fixes zero-day exploit in V8 JavaScript engine
3 years, 5 months ago

Google rolls security update for Chrome, fixes zero-day exploit in V8 JavaScript engine

Firstpost  

Google says that the Stable channel has been updated to 91.0.4472.164 for Windows, Mac and Linux which will roll out over the coming days/weeks. Google is rolling out a massive new update with security fixes for Chrome web browser. The update also includes a fix of the zero-day exploit in its V8 JavaScript engine. For the uninitiated, a zero-day exploit …

Pegasus spyware hacking: Reports show latest iPhones with iOS 14 can be hacked with zero-click iMessage exploit
3 years, 5 months ago

Pegasus spyware hacking: Reports show latest iPhones with iOS 14 can be hacked with zero-click iMessage exploit

India Today  

Pegasus spyware-making Israeli company, NSO Group, has found itself in dire straits again. Amnesty International’s Security Lab carried out an in-depth forensic analysis of several mobile phones of human rights defenders and journalists from around the world to find out that Pegasus’s surveillance is not just a violation of user privacy, it also goes against human rights. The leaked database …

Chrome browser for Windows and Mac now receiving the latest update to patch new zero-day bug
3 years, 5 months ago

Chrome browser for Windows and Mac now receiving the latest update to patch new zero-day bug

India Today  

Google Chrome users are receiving a new security update that brings fixes for several issues with the browser. As pointed out by The Hacker News, this is the ninth zero-day vulnerability addressed by Google for its Chrome browser this year. Chrome users are suggested to update their browser to the latest version to avoid any exploitation of their data through …

Google patches two actively exploited Chrome zero-day bugs
4 years, 1 month ago

Google patches two actively exploited Chrome zero-day bugs

The Hindu  

Google on Wednesday released an update for Chrome to patch two zero-day vulnerabilities that were exploited in the wild. While the first three vulnerabilities were discovered by Google’s security research team, the recent two bugs came to Google’s knowledge through anonymous sources. “We would also like to thank all security researchers that worked with us during the development cycle to …

Google Chrome Getting a New Update That Fixes Two Critical Zero-Day Vulnerabilities
4 years, 1 month ago

Google Chrome Getting a New Update That Fixes Two Critical Zero-Day Vulnerabilities

News 18  

Google Chrome browser for Windows, Mac, and Linux is getting a new update that addresses two zero-day vulnerabilities discovered in the wild. Users can manually update the browser by heading to ‘more’ at the top right corner and then select update Google Chrome. Last week, Google addressed the second zero-day bug CVE-2020-16009 also residing in Chrome’s V8 JavaScript engine. The …

Google Chrome Gets Second Security Update in Two Weeks That Fixes a Critical Zero-Day Vulnerability
4 years, 1 month ago

Google Chrome Gets Second Security Update in Two Weeks That Fixes a Critical Zero-Day Vulnerability

News 18  

Google Chrome desktop browser is receiving a new security update that patches ten bugs with high-risk ratings. This is the second security update Google has released in the last two weeks that also addresses a zero-day vulnerability, identified as CVE-2020-16009 on the browser. The zero-day vulnerability was found to be affecting Google Chrome desktop application for Windows, Mac and Linux …

Google discloses new zero-day vulnerability in Windows OS
4 years, 1 month ago

Google discloses new zero-day vulnerability in Windows OS

The Hindu  

Google has revealed a zero-day vulnerability in the Windows operating system that lets hackers to exploit it actively. Zero-day vulnerability, a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw, was discovered by Google’s Project Zero security researchers. According to Google, the zero-day bug in the Windows Kernel …

Discover Related