Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22 - Ars Technica
It was bound to happen. Worst Linux vulnerability in 6 years fells two popular handsets.
hacking
Attackers can force Amazon Echos to hack themselves with self-issued commands - Ars Technica
Popular “smart” device follows commands issued by its own speaker. What could go wrong?
2FA app with 10,000 Google Play downloads loaded well-known banking trojan | Ars Technica
A fake two-factor-authentication app that has been downloaded some 10,000 times from Google Play surreptitiously installed a known banking-fraud trojan that scoured infected phones for financial data and other personal information, security firm Pradeo said.
Israeli police used spyware to hack its own citizens, a report says : NPR
https://www.npr.org/2022/01/18/1073828708/israel-spyware-citizens-nso-group
Israeli police have used spyware from controversial Israeli company NSO Group to hack the cell phones of Israeli citizens without judicial oversight, including activists protesting former Prime Minister Benjamin Netanyahu, an Israeli newspaper reported Tuesday.
The Israeli spyware company faces mounting global scrutiny and recent U.S. sanctions for equipping regimes with powerful surveillance tools used to target human rights activists, journalists and politicians. Recently, Palestinian activists said their phones were infected with NSO spyware.
U.S. State Department phones hacked with Israeli company spyware - sources - Reuters
iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group
Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users
The hackers had set up a watering hole attack, meaning they hid malware within the legitimate websites of “a media outlet and a prominent pro-democracy labor and political group” in Hong Kong. Users who visited those websites would get hacked with an unknown vulnerability—in other words, a zero-day—and another exploit that took advantage of a previously patched vulnerability for MacOS that was used to install a backdoor on their computers, according to Hernandez.
Apple patched the zero-day used in the campaign in an update pushed out on September 23, according to the report.
Østre Toten kommune får fire millioner i bot etter dataangrepet mot kommunen – NRK
kommunen har hatt store mangler på grunnleggende sikkerhet.
– Vi ser at det har vært mangler i logging, av tofaktorautorisering, innen sikkerhetskultur og i rutiner for backup.
Tilsynet skriver i vedtaket at de ser særlig alvorlig på at personopplysninger og opplysninger om barn er rammet av angrepet. Begge har krav på et særskilt vern. Dataene er tapt for kommunen og delt i ukjent omfang på det mørke nettet.
The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous
The news highlights the continued risk from the online advertising ecosystem. Some hackers leverage how adverts are delivered to send target devices malware. Data brokers and potentially intelligence agencies can leverage the ecosystem to gather information on devices and by extension people, sometimes including their physical location. The IC taking steps to protect itself from the dangers of the advertising ecosystem shows just how malicious it can be.
Forensic Methodology Report: How to catch NSO Group’s Pegasus - Amnesty International
Amnesty International’s Security Lab has performed in-depth forensic analysis of numerous mobile devices from human rights defenders (HRDs) and journalists around the world. This research has uncovered widespread, persistent and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware.
Most recently, a successful “zero-click” attack has been observed exploiting multiple zero-days to attack a fully patched iPhone 12 running iOS 14.6 in July 2021.
How does Apple technology hold up against NSO spyware? - The Guardian
https://www.theguardian.com/news/2021/jul/19/how-does-apple-technology-hold-up-against-nso-spyware
The iPhone maker says it is keeping pace with malware, but the Pegasus project paints a worrying picture