15 Android settings that'll strengthen your security

You might not know it from all the panic-inducing headlines out there, but Android is actually packed with practical and powerful security options. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the overhyped Android malware monster du jour and instead take a moment to look through these far more meaningful Android settings — ranging from core system-level elements to some more advanced and easily overlooked options.

Google I/O and the curious case of the missing Android version

With Google’s I/O announcement expo now firmly in the rearview mirror, it’s time for us to enter the inevitable next phase of any tech-tinted revelation — and that’s the careful contemplation of everything we’ve just experienced.

It’s my favorite phase of all, personally, as it lets us really dive in and analyze everything with a fine-toothed comb to uncover all the subtle significance that isn’t always apparent on the surface.

And this year, my goodness, is there some splendid stuff to pore over.

Specific to the realm of Android, the sharp-eyed gumshoes over at 9to5Google noticed that this year’s under-development new Android version, Android 14, was mentioned by name only one time during the entire 2,000-hour Google I/O keynote.

Steve Wozniak: ChatGPT-type tech may threaten us all

Apple co-founder Steve Wozniak has been touring the media to discuss the perils of generative artificial intelligence (AI), warning people to be wary of its negative impacts. Speaking to both the BBC and Fox News, he stressed that AI can misuse personal data, and raised concerns it could help scammers generate even more effective scams, from identity fraud to phishing to cracking passwords and beyond.

AI puts a spammer in the works

“We’re getting hit with so much spam, things trying to take over our accounts and our passwords, trying to trick us into them,” he said.

Apple, platform security, and the next big war

When Apple CEO Tim Cook in 2016 warned of a cybersecurity war, he was specifically discussing the pressure Apple then faced to create back doors on its platforms so law enforcement could snoop on users.

He was championing encryption and opposing the creation of designer vulnerabilities that can be exploited by any entity that knows they exist. Since then, we’ve seen a cancerous tumult of surveillance as a service that companies such as the NSO Group break out, each of them using the kind of hard-to-find flaws governments may insist on platform providers creating.

Decoy dog toolkit plays the long game with Pupy RAT

Categories: News

Tags: Pupy RAT, nation state, russia, decoy dog, toolkit, linux, mobile, windows, malware, DNS, evasive

We take a look at the discovery of a long-running malware toolkit campaign evading detection through its use of DNS.

The post Decoy dog toolkit plays the long game with Pupy RAT appeared first on Malwarebytes Labs.

Jamf debuts sophisticated security protection for executive iPhones

Newton’s Third Law of motion argues that for every action there is an equal and opposite reaction. With that in mind, it’s no surprise that the Apple ecosystem is fighting back in a big way against the mercenary spyware companies that have made headlines recently.

Improving situational awareness

Few people in tech sit comfortably with NSO Group and others in their attacks against journalists, human rights advocates, and high-value targets on behalf of repressive governments. They know that these technologies tend to proliferate, which is why most firms are now engaged in finding new ways to fight back.

Security researchers uncover NSO Group iPhone attacks in Europe

Earlier this week, we saw research showing the noxious NSO Group continues to spy on people’s iPhones in Mexico. Now, Jamf Threat Labs has found additional attacks against human rights activists and journalists in the Middle East and Europe, one of whom worked for a global news agency.

Older iPhones at most risk

The main thrust of the latest research is that while Apple has taken steps to protect devices running the most recent versions of iOS, these attacks are still being made against older iPhones. Jamf warns that the attacks “prove malicious threat actors will exploit any vulnerabilities in an organization’s infrastructure they can get their hands on.”

NSO Group returns with triple iOS 15/16 zero-click spyware attack

No matter what US President Joseph R. Biden Jr. said, NSO Group is still around; the privatized spying service produced zero-click exploits against iOS 15 and iOS 16 last year, according to the latest report from Citizen Lab.

It also suggests Lockdown Mode is effective against such attacks.

A trio of exploits used in complex form

The report reflects what Citizen Lab learned from investigating attacks against Mexican human rights defenders. The researchers conclude that NSO Group, called “mercenary hackers” by Apple, has made wide use of at least three zero-click exploits in Apple’s iPhone operating systems against civil society targets worldwide. NSO Group is the infamous firm that created the Pegasus tool used to spy on people.

Yet more digital spies targeting iPhones exposed by security researchers

Just weeks after President Biden signed an executive order designed to prevent the US government from purchasing commercial spyware used to subvert democracies, researchers have identified yet another shameful zero-click, zero-day exploit that targeted iPhone users. This spy-for-hire ‘solution’ was sold by an Israeli firm called QuaDream.

Making everyone less safe

QuaDream’s attacks have been exposed by security researchers at Microsoft and Citizen Lab. QuaDream is a more secretive entity than NSO Group but shares much of the same pedigree, including being founded by ex-NSO Group employees and having connections to Israeli intelligence. Its attacks were first exposed last year, but the researchers have since found more about how these digital mercenaries worked.

DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia

Credit to Author: Microsoft Security Threat Intelligence | Date: Tue, 11 Apr 2023 16:00:00 +0000

Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.

The post DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia appeared first on Microsoft Security Blog.
