Skip to main content
Recent Posts
23
Tech News / Re: Private Israeli spyware used to hack cellphones of journalists, activists
Last post by Anon -
https://threatpost.com/nso-group-data-pegasus/167897/
https://www.theverge.com/2021/7/18/22582532/pegasus-nso-spyware-target-phones-journalists-activists-investigation
https://www.thelastamericanvagabond.com/israel-aiding-saudi-arabia-others-spy-on-human-rights-activists/


Quote
Amazon Shuts Down NSO Group Infrastructure
The move comes as activist and media organizations publish new findings on the Israeli surveillance vendor.
https://www.vice.com/en/article/xgx5bw/amazon-aws-shuts-down-nso-group-infrastructure
25
Tech News / Private Israeli spyware used to hack cellphones of journalists, activists
Last post by Anon -
Private Israeli spyware used to hack cellphones of journalists, activists worldwide

NSO Group’s Pegasus spyware, licensed to governments around the globe, can infect phones without a click

https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/

https://archive.is/vIphF

https://web.archive.org/web/20210718213408if_/https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/



More Info

https://www.washingtonpost.com/investigations/2021/07/18/nso-group-response-pegasus-project/

https://www.wikiwand.com/en/NSO_Group

https://twitter.com/billmarczak/status/1416801514685796352

Quote
@AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 device hacked with a zero-click iMessage exploit to install Pegasus.  All this indicates that NSO Group can break into the latest iPhones.
30
Tech News / Chinese government lays out new vulnerability disclosure rules
Last post by Anon -
Chinese government lays out new vulnerability disclosure rules

The most important talking points are the fact that:
-researchers/vendors must share vulnerability reports with state agencies within two days of a report
-researchers are not allowed to release bug details before vendors had a reasonable chance to patch, except on rare occasions
-the new law also bans zero-day sales and vulnerability hoarding
-researchers are also banned from sharing data with overseas organizations (bug bounty platforms, hacking contests, CERT teams), except with product vendors & service providers directly

https://therecord.media/chinese-government-lays-out-new-vulnerability-disclosure-rules/

https://archive.st/archive/2021/7/therecord.media/ekst/therecord.media/chinese-government-lays-out-new-vulnerability-disclosure-rules/index.html

https://archive.is/BOX93