"Two Human Rights Watch staff members based in Jordan have been repeatedly targeted with advanced surveillance spyware, Human Rights Watch said today. The targeting, which violates their right to privacy, began in October 2022 and succeeded briefly in infecting one of their mobile phones.
The same spyware was also used to target the devices of at least 33 Jordanian and Jordan-based journalists, activists, and politicians between 2019 and September 2023, according to an Access Now report, released on February 1, 2024, that relied on a forensic investigation conducted jointly with the Canadian academic research center, Citizen Lab. The investigation found traces of Pegasus spyware in their mobile devices, with some devices infected multiple times. The analysis could not determine which government initiated the attacks."
Ron Deibert is a Canadian professor of political science, a philosopher, an author, and the founder of the renowned #CitizenLab, situated in the Munk School of Global Affairs at the University of Toronto.
He is perhaps best known to readers for his research on targeted surveillance, which won the Citizen Lab a 2015 EFF Award.
The Citizen Lab (@citizenlab) & Google Threat Analysis Group have disclosed a new targeted spy campaign that utilizes newly disclosed zero days in iOS. These zero days contain a privilege escalation flaw in the OS kernel along with a WebKit flaw that allows attackers to install spyware & snoop on victim devices.
Citizen Lab & Google urge iPhone & iPad users to update to iOS 17.0.1 as soon as possible.
The commercial spyware industry is thriving. More 0days, y'all.
"Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commercial surveillance vendor, Intellexa, this exploit chain is used to install its Predator spyware surreptitiously onto a device."
"In response, yesterday, Apple patched the bugs in iOS 16.7 and iOS 17.0.1 as CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. This quick patching from Apple helps to better protect users and we encourage all iOS users to install them as soon as possible."
I'm not a huge believer in coincidence to this degree. Obviously only speculation at this point, but would be interesting to know what you think, #Infosec fam.
I usually write this blog 5-6 days/week, but every now and again, I take a break, and when I do, I get massive link backlogs of stuff I want to write about, but lack the time to address in depth. When that happens, I turn my Saturday edition into a #linkdump. Today, I present the sixth in the series - here's the other five:
Which is all to say: I have tickets for the Talking Heads event at TIFF and I could not be more excited.
Continuing on the Canadian theme, one of the annual highlights of Canadian media is the #MasseyLectures, a series of public lectures given around the country and rebroadcast on #CBC. These are always great, but recent years have been superb - @rondeibert's 2020 series was unmissable: