Pegasus Spyware Infections Proliferate Across iOS, Android Devices Researchers have discovered seven new Pegasus spyware infections targeting journalists, government officials, and corporate executives that started several years ago and span both iPhone and Android devices, demonstrating that the range of the notorious spyware may be even greater than once thought. Researchers from iVerify discovered multiple devices compromised by Israeli company NSO Group's spyware via attacks initiated between 2021 and 2023 that affect Apple iPhone iOS versions 14, 15, and 16.6, as well as Android, they revealed in a blog post published on Dec. 4. The infections were discovered in May during a threat-hunting scan of 3,500 devices from iVerify users who opted in to the checks. Specifically, the investigation uncovered multiple Pegasus variants in five unique malware types across iOS and Android. The researchers detected forensic artifacts in diagnostic data, shutdown logs, and crash logs found on the devices. See more:

Dark Reading

Pegasus Spyware Proliferates Across iOS, Android Devices

The notorious spyware from Israel

#cybersecurity #pegasus #spyware

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted for the murder of a Dutch journalist Peter R. de Vries. This allowed authorities to intercept messages being sent via the service for a period of three months, amassing a total of more than 2.3 million messages in 33 languages. The messages, Europol said, are associated with serious crimes such as international drug trafficking, arms trafficking, and money laundering. It's worth noting at this stage that MATRIX is different from the open-source, decentralized messaging app of the same name ("matrix[.]org"). Also known by other names such as Mactrix, Totalsec, X-quantum, and Q-safe, it had at least 8,000 user accounts globally, who paid anywhere between $1,360 and $1,700 in cryptocurrency for a Google Pixel phone and a six-month subscription to the service installed on it. See more:

The Hacker News

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Europol shuts down MATRIX, a criminal messaging service, seizing servers and €500K in cryptocurrency.

#cybersecurity #matrix

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Password policy must be strict enough to protect your systems, flexible enough for daily work, and precise enough to be enforced consistently. Let's explore five strategies for building a password policy that works in the real world. 1. Build compliant password practices 2. Review your existing password obligations 3. Create a policy based on real data 4. Put some muscle in your password policy 5. Create password standards that stick See more:

The Hacker News

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

Learn 5 proven strategies to create effective, enforceable password policies that strengthen real-world security.

#cybersecurity #password #passwordpolicy