Search results for: finfisher

eye

New targeted surveillance spyware found on Google Play

A new targeted surveillance app has been found and booted from Google Play. The app, named Dardesh, posed as a chat application and acted as a downloader for a second app that could spy on users. The Dardesh app was spotted and analyzed by Lookout researchers, who dubbed the malware family Desert Scorpion. How was the app delivered to targets? The malicious Dardesh chat app was apparently downloaded and installed by over a hundred users, … More

abstract

Week in review: Vulnerable encryption, Mac backdoor, Flash Player 0day exploited in the wild

Here’s an overview of some of last week’s most interesting news and articles: Vulnerability in code library allows attackers to work out private RSA keys Researchers have discovered a security vulnerability in the Infineon-developed RSA library, which could be exploited by attackers to discover the RSA private key corresponding to an RSA public key generated by this library. This private key could be then misused to impersonate its legitimate owner, decrypt sensitive messages, forge signatures … More

Adobe Flash

Adobe releases emergency fix for Flash Player zero-day exploited in the wild

Adobe has released an out-of-band security update for Adobe Flash Player that patches a zero-day remote code execution vulnerability actively exploited in the wild. Kaspersky Lab researchers spotted the live attacks on October 10, 2017, and say that the exploit is delivered through a Microsoft Word document and deploys the most recent version of the FinSpy (aka FinFisher) commercial malware developed by Gamma International. The attack leveraging CVE-2017-11292 The researchers believe that the zero-day is … More

patch

Patch Tuesday: 80+ vulnerabilities fixed, one exploited in the wild

As part of its regular, monthly Patch Tuesday update, Microsoft has released patches for 81 new vulnerabilities, including a zero-day in the .NET Framework. The September patch dump also includes details of a spoofing vulnerability in the Windows Bluetooth driver (CVE-2017-8628), which has been disclosed as part of the BlueBorne batch of vulnerabilities. The flaw was apparently patched silently in July, but Microsoft chose to delay releasing details about it until other vendors could develop … More

Apple iOS 9

Apple plugs three actively exploited iOS zero-days

Owners of Apple’s mobile devices are advised to upgrade to iOS version 9.3.5 as soon as possible, as it fixes three zero-day vulnerabilities actively exploited in the wild. The update, released on Thursday, comes in the wake of a discovery made by researchers from University of Toronto’s Citizen Lab and security firm Lookout: someone has attempted to compromise the iPhone of UAE-based human rights activist Ahmed Mansoor through the use of a lawful surveillance kit … More

German police allowed to use its own “federal Trojan”

The German Interior Ministry has approved for investigative use a spying Trojan developed by the German Federal Criminal Police (a so-called “federal Trojan”). In fact, it could end up being used as early as this week. The police will have to get a court order to use the spyware, and prove that the suspect is involved in a crime threatening citizens’ “life, limb or liberty”. The malware has been developed in-house, and has been available … More

iOS spyware used by Pawn Storm cyber spies

Trend Micro researchers have unearthed two variants of a spyware specially designed for targeting devices running iOS, and at least one of them can be installed on non-jailbroken devices. The malware is used by the attackers behind Pawn Storm, a recently discovered but long-standing cyber-espionage operation that has in the past targeted media companies, military attachés, staff at the Ministry of Defense in France and Hungary, a multinational company based in Germany, staff of the … More

Detekt government surveillance spyware on your computer

Amnesty International, Digitale Gesellschaft, the Electronic Frontier Foundation and Privacy International have partnered to create and release a free and open source tool for detecting traces of known surveillance spyware on Windows computers. The tool – dubbed Detekt – is written in Python and relies on Yara, Volatility and Winpmem to scan the memory of a running Windows system, and is currently able to spot pre-defined patterns that point towards the following malware running on … More

iPhones are immune to FinSpy infections

FinSpyMobile, the mobile spying software sold by German company Gamma Group, can’t be installed on iPhones that have not been jailbroken, shows one of the documents recently stolen from the firm and leaked online by a still anonymous attacker. The malware – intended to be used by law enforcement and intelligence agencies against criminals but is allegedly also used against political dissidents, activists and journalists – can eavesdrop on calls and Skype calls, access messages, … More

Week in review: FinFisher’s spying capabilities, and NSA’s quest to subvert encryption

Here’s an overview of some of last week’s most interesting news and articles: The TAO of NSA It has been pointed out that NSA has its own hacking unit called Tailored Access Operations (TAO), and that its capabilities have been tapped for hunting down Osama bin Laden. Leaked FinFisher presentation details toolkit’s spying capabilities Sold by UK-based Gamma Group International, the toolkit was apparently created by Martin J. Muench, one of the founders of the … More

Leaked FinFisher presentation details toolkit’s spying capabilities

F-Secure’s Mikko Hypponen has shared several interesting slides from a presentation that displays the wide range of capabilities offered by the FinFisher commercial spyware toolkit. Sold by UK-based Gamma Group International, the toolkit was apparently created by Martin J. Muench, one of the founders of the BackTrack pentesting Linux distribution and at the time its main developer. The presentation mentions FinUSB Suite, a special USB stick designed to covertly extract data from public and target … More

Week in review: Google Glass hacked, Bitcoin risks, and why we need security awareness training programs

Here’s an overview of some of last week’s most interesting news, reviews and articles: Info of 50M LivingSocial customers compromised following breach LivingSocial, the company behind the eponymous deal-of-the-day website, has confirmed that its computer systems have been breached by attackers and that user information such as names, email addresses, date of birth, and encrypted passwords have been compromised. SpamHaus DDoS suspect arrested in Spain The Spanish National Police has arrested a 35-year-old Dutch citizen … More