Jamf debuts sophisticated security protection for executive iPhones

Newton’s Third Law of motion argues that for every action there is an equal and opposite reaction. With that in mind, it’s no surprise that the Apple ecosystem is fighting back in a big way against the mercenary spyware companies that have made headlines recently.

Improving situational awareness

Few people in tech sit comfortably with NSO Group and others in their attacks against journalists, human rights advocates, and high-value targets on behalf of repressive governments. They know that these technologies tend to proliferate, which is why most firms are now engaged in finding new ways to fight back.

To read this article in full, please click here

Read more

Security researchers uncover NSO Group iPhone attacks in Europe

Earlier this week, we saw research showing the noxious NSO Group continues to spy on people’s iPhones in Mexico. Now, Jamf Threat Labs has found additional attacks against human rights activists and journalists in the Middle East and Europe, one of whom worked  for a global news agency.

Older iPhones at most risk

The main thrust of the latest research is that while Apple has taken steps to protect devices running the most recent versions of iOS, these attacks are still being made against older iPhones. Jamf warns that the attacks “prove malicious threat actors will exploit any vulnerabilities in an organization’s infrastructure they can get their hands on.”

To read this article in full, please click here

Read more

NSO Group returns with triple iOS 15/16 zero-click spyware attack

No matter what US President Joseph R. Biden Jr. said, NSO Group is still around; the privatized spying service produced zero-click exploits against iOS 15 and iOS 16 last year, according to the latest report from Citizen Lab.

It also suggests Lockdown Mode is effective against such attacks.

A trio of exploits used in complex form

The report reflects what Citizen Lab learned from investigating attacks against Mexican human rights defenders. The researchers conclude that NSO Group, called “mercenary hackers” by Apple, has made wide use of at least three zero-click exploits in Apple’s iPhone operating systems against civil society targets worldwide. NSO Group is the infamous firm that created the Pegasus tool used to spy on people.

To read this article in full, please click here

Read more

Update now! April’s Patch Tuesday includes a fix for one zero-day

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: Apple

Tags: Google

Tags: Adobe

Tags: Cisco

Tags: SAP

Tags: Mozilla

Tags: CVE-2023-28252

Tags: CVE-2023-28231

Tags: CVE-2023-21554

Tags: Word

Tags: Publisher

Tags: Office

One fixed vulnerability is being actively exploited by a ransomware gang and many others were fixed in this month’s Patch Tuesday updates.

(Read more…)

The post Update now! April’s Patch Tuesday includes a fix for one zero-day appeared first on Malwarebytes Labs.

Read more

Yet more digital spies targeting iPhones exposed by security researchers

Just weeks after President Biden signed an executive order designed to prevent the US government from purchasing commercial spyware used to subvert democracies, researchers have identified yet another shameful zero-click, zero-day exploit that targeted iPhone users. This spy-for-hire ‘solution’ was sold by an Israeli firm called QuaDream.

Making everyone less safe

QuaDream’s attacks have been exposed by security researchers at Microsoft and Citizen Lab. QuaDream is a more secretive entity than NSO Group but shares much of the same pedigree, including being founded by ex-NSO Group employees and having connections to Israeli intelligence. Its attacks were first exposed last year, but the researchers have since found more about how these digital mercenaries worked.

To read this article in full, please click here

Read more

Apple releases emergency updates for two known-to-be-exploited vulnerabilities

Categories: Apple

Categories: Exploits and vulnerabilities

Categories: News

Tags: iOS 16.4.1

Tags: iPadOS 16.4.1

Tags: macOS 13.3.1

Tags: CVE-2023-28206

Tags: CVE-2023-28205

Tags: use-after-free

Tags: out-of-bounds write

Tags: IOSurfaceAccelerator

Apple has released iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 for the iPhone, iPad, and Mac, respectively, and our advice is to install them as soon as possible.

(Read more…)

The post Apple releases emergency updates for two known-to-be-exploited vulnerabilities appeared first on Malwarebytes Labs.

Read more