1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Spyware toolkit used by governments, hackers to break into Windows mac

    From TechnologyDaily@1337:1/100 to All on Fri Jul 16 10:45:03 2021
    Spyware toolkit used by governments, hackers to break into Windows machines

    Date:
    Fri, 16 Jul 2021 09:29:40 +0000

    Description:
    Microsoft and Citizien Lab researchers share details on new spyware that uses two zero-day Windows exploits.

    FULL STORY ======================================================================

    Cybersecurity experts have shared details about a mercenary spyware vendor that exploited at least a couple of zero-day vulnerabilities, which Microsoft patched in the July Patch Tuesday .

    Security experts from Microsoft Threat Intelligence Center (MSTIC) worked together with internet watchdog Citizen Lab to blow the lid off the Israel-based mercenary spyware company , Candiru, which sells spyware exploit toolkits exclusively to governments.

    Private-sector offensive actors are private companies that manufacture and sell cyberweapons in hacking-as-a-service packages, often to government agencies around the world, to hack into their targets computers, phones, network infrastructure, and other devices. With these hacking packages, usually the government agencies choose the targets and run the actual operations themselves, observes MSTIC in a blog post . TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

    Click here to start the survey in a new window << Protect your devices
    with these best antivirus software Here are the best ransomware protection tools Also check our list of the best endpoint protection tools

    While Citizen Lab directly identifies Candiru as the toolkit author,
    Microsoft has chosen to refer to it by its code-name Sourgum. Targeted
    spyware

    MSTIC and Citizen Lab say that Candiru/Sourgum used the zero-day
    vulnerability to craft a malware dubbed DevilsTounge.

    According to their investigation, DevilTounge infected at least a hundred human rights defenders, dissidents, journalists, activists, and politicians
    in Palestine, Israel, Iran, Lebanon, Yemen, Spain, United Kingdom, Turkey, Armenia, and Singapore.

    Citizen Lab identified a politically active victim in Western Europe and worked with it to recover a copy of DevilsTounge, which led to the discovery of the now-patched privilege escalation vulnerabilities, specifically tracked as CVE-2021-31979 and CVE-2021-33771.

    According to MSTICs breakdown of the spyware, in addition to standard malware capabilities including exfiltrating files, credentials, and other sensitive information, DevilsTounge is also designed to decrypt and exfiltrate conversations from the Signal messaging app, the preferred means of communication by activists to circumvent snooping. Heres our list of the best patch management tools and services



    ======================================================================
    Link to news story: https://www.techradar.com/news/spyware-toolkit-used-by-governments-hackers-to- break-into-windows-machines/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)