Lifeboat Foundation

Leaked documents appear to show a little-known spyware company offering services that include Android and iOS device exploits for €8 million (roughly $8 million).

Exploit brokers and mercenary spyware providers have been in the spotlight recently, mainly due to revelations surrounding the use of the controversial Pegasus solution of Israeli company NSO Group.

One of NSO’s fairly new competitors is Intellexa, a company founded by Israeli entrepreneur Tal Dilian. The company claims on its website that it’s offering technologies that empower law enforcement and intelligence agencies to ‘help protect communities’. The company says it’s based in the EU and regulated, with six sites and R&D labs in Europe.

Google has launched its new Vulnerability Bounty Program for its open source software. The company will pay up to more than US$31,000 as an incentive to those who find bugs in its ecosystem and report them.

“Today we are launching the Open Source Software Vulnerability Rewards Program (OSS VRP) to reward vulnerability discoveries in Google’s open source projects. As responsible for major projects like Golang, Angular and Fuchsia, Google is among the largest contributors and users of open source in the world. With the addition of Google’s OSS VRP to our family of Vulnerability Bounty Programs (VRPs), researchers can now be rewarded for finding bugs that could potentially affect the entire open source ecosystem,” said Francis Perron, program manager. open source security technician, and Krzysztof Kotowicz, information security engineer, in a statement from Google.

Continue reading “Google will pay up to $31,000 to those who find vulnerabilities in its open source software” »

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

Despite a massive increase in cybersecurity investments, companies saw data breaches for the first quarter of 2022 soar, even after reaching a historical high in 2021 according to the Identity Theft Resource Center (ITRC). Additionally, the ITRC report adds that approximately 92% of these breaches were linked to cyberattacks.

Phishing, cloud misconfiguration, ransomware and nation-state-inspired attacks ranked high for the second year in a row on global threats lists. So, why are attacks on the rise if more security solutions have been implemented? Should security investment shift its focus from reactive solutions to proactive strategies?

Although quantum computing is not commercially available, CISA (Cybersecurity and Infrastructure Security Agency) urges organizations to prepare for the dawn of this new age, which is expected to bring groundbreaking changes in cryptography, and how we protect our secrets.

The agency published a paper earlier in the week, calling for leaders to start preparing for the migration to stronger secret guarding systems, exploring risk mitigation methods, and participating in developing new standards.

Modern satellites are becoming a collection of mass-produced computers floating in space. By the end of the decade, thousands more will be out there. But with the increasing reliance on orbital technology comes a growing appetite for hacking it.

Data relayed via satellites is not immune to hacking. James Pavur, an Oxford PhD focusing on satellite systems security, has proven the above statement to be disturbingly evident. With his team, he used $300 worth of satellite TV equipment to intercept vast amounts of information distributed along the larger part of the Northern hemisphere.

Continue reading “Satellite hackers can see every email you get” »

It’s rare that Western disinformation efforts are discovered and exposed. This week, the Stanford Internet Observatory and social media analysis firm Graphika detailed a five-year operation that was pushing pro-Western narratives. The research follows Twitter, Facebook, and Instagram as they remove a series of accounts from their platforms for “coordinated inauthentic behavior.” The propaganda accounts used memes, fake news websites, online petitions, and various hashtags in an attempt to push pro-Western views and were linked to both overt and covert influence operations. The accounts, some of which appear to use AI-generated profile pictures, targeted internet users in Russia, China, and Iran, among other countries. The researchers say the accounts “heavily criticized” Russia following its nvasion of Ukraine in February and also “promoted anti-extremism messaging.” Twitter said the activity it saw is likely to have originated in the US and the UK, while Meta said it was the US.

#WesternPropaganda

Plus: An Iranian hacking tool steals inboxes, LastPass gets hacked, and a deepfake scammer targets the crypto world.

Emerging Technologies on the Horizon.

Sharing the 10th Issue of my Security and Tech Insights newsletter! Please check it out and have a great weekend! #security #tech #emergingtechnologies #cybersecurity #innovation

Lawyers representing Elon Musk in his battle with Twitter have former CEO Jack Dorsey. The filing is the latest development as Musk and Twitter prepare for the October trial over Musk’s attempt to bail on his $44 billion deal to buy the company.

It’s not yet clear how Dorsey factors in to Musk’s legal strategy. As noted by the y Twitter account, the subpoena refers to “documents and communications reflecting, referring to, or relating to the impact or effect of false or spam accounts on Twitter’s business operations.” It also references documents related to how Twitter uses mDAU or monetizable daily active users as a “key metric.” Interestingly, it “documents relating to incorporating mDAU into executive or director compensation.”

Dorsey isn’t the only former Twitter executive subpoenaed by Musk. Twitter’s product chief and former head of revenue Bruce Falck have also received subpoenas.

Microsoft has shut down more than 1,400 malicious email accounts used by cybercriminals to collect stolen customer passwords via ransomware in the past year. The technology company has presented the second edition of ‘Cyber Signals’, a report that it produces periodically on cyber threats and that shows trends in security and cybercrime. In this issue, it offers insight into the evolution of extortion in cybercrime.

In this analysis, the company highlights that the specialization and consolidation of cybercrime have driven ransomware as a service (RaaS), which has become a dominant business model. RaaS programs, such as Conti or REvil, offer cybercriminals the opportunity to buy access to both ransomware payloads, leaked data and payment infrastructure.

Continue reading “Microsoft shuts down over 1,400 email accounts and 531,000 URLs used by ransomware gang that collected stolen customer credentials” »