
Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together

23 April 2024 at 13:28

The judge with Spain’s National Court said there is reason to believe that the new information provided by France can “allow the investigations to advance.”

The post Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together appeared first on SecurityWeek.

U.S. Issues Visa Restrictions on Individuals Linked to Commercial Spyware

The United States government took a significant step in countering the spread and misuse of commercial spyware. The Department of State issued visa restrictions on 13 individuals who were involved in the production and distribution of commercial spyware, as well as their immediate family members. The press statement described the individuals as benefitting financially from the controversial technology, which has been misused to target various groups such as journalists, academics, human rights defenders, dissident individuals, and U.S. government individuals.

Human Rights Violations and Counter-Intelligence Fears Cited as Justification

The policy framework to begin implementing visa restrictions was issued in February 2024 as part of Section 212 (a)(3)(C) of the Immigration and Nationality Act. Secretary of State Antony J. Blinken stated that the move came in response to concerns of growing global misuse of commercial spyware to enable government repression, restrict information sharing, or enable various human rights abuses.

The release further described commercial spyware as threatening privacy, freedom of expression, free assembly or association. It described the technology as being linked to arbitrary detentions, forced disappearances, and extrajudicial killings in extreme cases. There was additional concern about the possibility of misusing these tools as a form of counterintelligence effort against individuals in the U.S. government as a threat to national security.

New US Government Measures Target Commercial Spyware

This visa restriction policy empowers the Department of State to enforce visa restrictions for three categories: (1) those involved in misusing commercial spyware to target individuals unlawfully, including journalists, activists, dissidents, and vulnerable populations; (2) those benefiting financially from commercial spyware, such as company directors providing spyware to governments engaging in unlawful surveillance; and (3) immediate family members of those in the first two categories (including spouses and children of any age).

Last month, in March 2024, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued sanctions on two individuals and five entities associated with commercial spyware development. In the same month, countries such as Finland, Germany, Ireland, Japan, Poland, and the Republic of Korea added themselves as participants to the ‘Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware’ with their representatives meeting in person. Last year, in March 2023, the US Government issued an executive order prohibiting members of the United States Government from employing commercial spyware that may pose a risk to national security.

These measures indicate that the U.S. government isn't treating the proliferation of commercial spyware lightly. Through visa and similar restrictions on associated individuals as well as joint efforts with other countries, the government aims to send a strong message about human rights, privacy, and global security matters.

Apple warns people of mercenary attacks via threat notification system

11 April 2024 at 15:51

Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it’s detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021.

Mercenary spyware is used by governments to target people like journalists, political activists, and similar targets, and involves the use of sophisticated tools like Pegasus. Pegasus is one of the world’s most advanced and invasive spyware tools, known to utilize zero-day vulnerabilities against mobile devices.

The second number became known when Apple changed the wording of the relevant support page. The change also included the title that went from “About Apple threat notifications and protecting against state-sponsored attacks” to “About Apple threat notifications and protecting against mercenary spyware.”

If you look at the before and after, you’ll also notice an extra paragraph, again with the emphasis on the change from “state-sponsored attacks” to “mercenary spyware.”

The reason for the change in wording might be that “state-sponsored” is often used to indicate attacks targeted at entities, like governments or companies, while these mercenary attacks tend to be directed at individual people.

The extra paragraph specifically calls out the NSO Group and the Pegasus spyware it sells. While the NSO Group claims to only sell to “government clients,” we have no reason to take its word for it.

Apple says that when it detects activity consistent with a mercenary spyware attack it uses two different means of notifying the users about the attack:

  • Displays a Threat Notification at the top of the page after the user signs into appleid.apple.com.
  • Sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.

Apple says it doesn’t want to share information about what triggers these notifications, since that might help mercenary spyware attackers adapt their behavior to evade detection in the future.

The NSO Group itself argued, in a court case started by Meta over spying on WhatsApp users, that it should be recognized as a foreign government agent and, therefore, be entitled to immunity under US law limiting lawsuits against foreign countries.

NSO Group has also said that its tool is increasingly necessary in an era when end-to-end encryption is widely available to criminals.

How to stay safe

Apple advises iPhone users to:

We’d like to add:

  • Use an anti-malware solution on your device.
  • If you’re not sure about something that’s been sent to you, verify it with the person or company via another communication channel.
  • Use a password manager.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Predator spyware vendor banned in US

7 March 2024 at 08:20

The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US.

Predator can turn infected smartphones into surveillance devices. Intellexa is based in Greece but the Treasury Department imposed the sanctions because of the use of the spyware against Americans, including US government officials, journalists, and policy experts.

Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said:

“Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens.”

Since its founding in 2019, the Intellexa Consortium has marketed the Predator label as a suite of tools created by a variety of offensive cybercompanies that enable targeted and mass surveillance campaigns.

Predator is capable of infiltrating a range of electronic devices without any user interaction (known as ‘zero-click’). Once installed, Predator deploys its extensive data-stealing and surveillance capabilities, giving the attacker access to a variety of applications and personal information on the compromised device. The spyware is capable of turning on the user’s microphone and camera, downloading their files without their knowledge, tracking their location, and more.

Under the sanctions, Americans and people who do business with the US are forbidden from transacting with Intellexa, its founder and architect Tal Dilian, employee Sara Hamou and four of the companies affiliated with Intellexa.

Sanctions of this magnitude leveraged against commercial spyware vendors for enabling misuse of their tools are unprecedented, but the US has expressed concerns about commercial spyware vendors before.

“A growing number of foreign governments around the world, moreover, have deployed this technology to facilitate repression and enable human rights abuses, including to intimidate political opponents and curb dissent, limit freedom of expression, and monitor and target activists and journalists.”

In July 2023, the US Commerce Department’s Bureau of Industry and Security (BIS) added Intellexa and Cytrox AD to the Entity List for trafficking in cyber exploits used to gain access to information systems. Cytrox AD is a North Macedonia-based company within the Intellexa Consortium and acts as a developer of the consortium’s Predator spyware.

The Entity List is a trade control list created and maintained by the US government. It identifies foreign individuals, organizations, companies, and government entities that are subject to specific export controls and restrictions due to their involvement in activities that threaten US national security or foreign policy interests.

Earlier this month, a California federal judge ordered spyware maker NSO Group to hand over the code for Pegasus and other spyware products used to spy on WhatsApp users.

While you’ll see Predator and Pegasus usually deployed in small-scale and targeted attacks, putting a stop to the development and deployment of spyware by these commercial entities is good news for everyone.

How to remove spyware

Because spyware apps install under a different name and hide themselves from the user, it can be hard to find and remove them. That is where Malwarebytes for Android can help you.

  1. Open Malwarebytes for Android and navigate to the dashboard
  2. Tap Scan now
  3. It may take a few minutes to scan your device, but it will tell you if it finds spyware or any other nasties.
  4. You can then uninstall the app.

Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users

5 March 2024 at 05:58

A California federal judge has ordered spyware maker NSO Group to hand over the code for Pegasus and other spyware products that were used to spy on WhatsApp users.

Meta-owned WhatsApp has been fighting NSO in court since 2019, after Pegasus was allegedly used against 1,400 WhatsApp users over the period of two weeks. During this time, NSO Group gained access to the users’ sensitive data, including encrypted messages.

NSO Group justifies the use of Pegasus by saying it’s a beneficial tool for investigating and preventing terrorist attacks and maintaining the safety of the public. However, the company also says it recognizes that some customers might abuse the abilities of the software for other purposes.

Earlier in the court case, NSO Group argued it should be recognized as a foreign government agent and, therefore, be entitled to immunity under US law limiting lawsuits against foreign countries. NSO Group is closely regulated by the Israeli ministry of defense, which reviews and has to approve the sale of all licenses to foreign governments or entities. This is likely also the reason why NSO Group claimed to be excused from all its discovery obligations in the case, due to various US and Israeli restrictions.

NSO Group argued it should only be required to hand over information about Pegasus’ installation layer, but this was denied by the court. The judge ordered NSO Group to provide the plaintiffs with the knowledge needed to understand how the relevant spyware performs the functions of accessing and extracting data.

WhatsApp said that the decision is a major victory in its mission to defend its users against cyberattacks. This may be true if a better understanding of how the spyware works leads to improvements that can thwart future abuse.

However, this is no reason to assume that this will bring an end to NSO Group’s capabilities or willingness to spy on WhatsApp users. NSO Group doesn’t have to disclose the identity of its clients and it only has to produce information concerning the full functionality of the relevant spyware, specifically for a period of one year before the alleged attack to one year after the alleged attacks, which means from April 29, 2018 to May 10, 2020. Things have developed since then.

The US sanctioned NSO Group in 2021 for developing and supplying cyber weapons to foreign governments that used these tools to maliciously target government officials, journalists, business people, activists, academics, and embassy workers.

After that period, we saw many zero-day vulnerabilities brought to light in browsers and other online applications, very likely used by NSO Group to compromise mobile devices.

