Apple has sent a warning to people targeted by mercenary spyware in 98 countries.

In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. At the time it warned users in 92 countries. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks.

The message sent to the affected users says:

> “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID.”

In the same message, Apple says that it is very likely that the person in question is being specifically targeted because of what they do or who they are. And, although there is a certain margin of error, the user should take this warning seriously.

Mercenary spyware is used by governments to target people like journalists, political activists, and similar targets, and involves the use of sophisticated tools like Pegasus. Pegasus is one of the world’s most advanced and invasive spyware tools, known to utilize zero-day vulnerabilities against mobile devices.

On the website that explains Apple threat notifications and protection against mercenary spyware, it specifically mentions Pegasus:

> “According to public reporting and research by civil society organizations, technology firms, and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group.”

Apple has sent out similar notifications multiple times a year since 2021 but doesn’t disclose how it determines who to send them to, since that might aid attackers in evading future detection.

Amnesty International urges those that have received such a notification to take it seriously. Amnesty’s Security Lab offers digital forensic support to potential victims like human rights defenders, activists, journalists and members of civil society.

If you are a member of civil society, and you have received an Apple notification, you can contact Amnesty International and request forensic support using the Get Help form.

Whether you’ve received that notification or not, every iPhone user should make sure they have the latest updates, protect the device with a passcode, use multi-factor authentication and a strong password for Apple ID, only install apps from the Apple Play store, use a mobile security product, and be careful what they open or tap on.

People that have reason to believe they might be individually targeted by mercenary spyware attacks, can enable Lockdown Mode on their Apple devices for additional protection.

Lockdown Mode does the following:

*   Blocks most message attachments
*   Blocks incoming FaceTime calls from people you have not called previously
*   Blocks some web technologies and browsing features
*   Excludes location from shared phots and removes Shared Albums
*   Blocks wired connections when the device is locked
*   Blocks auto-joining non-secure WiFi networks
*   Blocks incoming invitations from people you have not previously invited
*   Blocks installation of configuration profiles you may require for work or school

**How to turn on Lockdown Mode on iPhone or iPad**

1.  Open the **Settings** app.
2.  Tap **Privacy & Security**.
3.  Scroll down, tap **Lockdown Mode.**
4.  Tap **Turn On Lockdown Mode**.
5.  Read what it does and tap **Turn On Lockdown Mode** if that is what you want.
6.  Tap **Turn On & Restart**, then enter your device passcode.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

**Summer mega sale**

Go into your vacation knowing you’re much more secure: This summer you can get a huge **50% off a Malwarebytes Standard subscription** or **Malwarebytes Identity bundle**. Run, don’t walk!

 iPhone users in 98 countries warned about spyware by Apple 

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication.
Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0.
"Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device,"

Router Security / Vulnerability

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication.

Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0.

"Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device," according to a description of the flaw shared by the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC).

Also patched by the Taiwanese company is a high-severity buffer overflow flaw tracked as CVE-2024-3079 (CVSS score: 7.2) that could be weaponized by remote attackers with administrative privileges to execute arbitrary commands on the device.

In a hypothetical attack scenario, a bad actor could fashion CVE-2024-3080 and CVE-2024-3079 into an exploit chain in order to sidestep authentication and execute malicious code on susceptible devices.

Both the shortcomings impact the following products -

*   ZenWiFi XT8 version 3.0.0.4.388\_24609 and earlier (Fixed in 3.0.0.4.388\_24621)
*   ZenWiFi XT8 version V2 3.0.0.4.388\_24609 and earlier (Fixed in 3.0.0.4.388\_24621)
*   RT-AX88U version 3.0.0.4.388\_24198 and earlier (Fixed in 3.0.0.4.388\_24209)
*   RT-AX58U version 3.0.0.4.388\_23925 and earlier (Fixed in 3.0.0.4.388\_24762)
*   RT-AX57 version 3.0.0.4.386\_52294 and earlier (Fixed in 3.0.0.4.386\_52303)
*   RT-AC86U version 3.0.0.4.386\_51915 and earlier (Fixed in 3.0.0.4.386\_51925)
*   RT-AC68U version 3.0.0.4.386\_51668 and earlier (Fixed in 3.0.0.4.386\_51685)

Earlier this January, ASUS patched another critical vulnerability tracked as (CVE-2024-3912, CVSS score: 9.8) that could permit an unauthenticated remote attacker to upload arbitrary files and execute system commands on the device.

Users of affected routers are advised to update to the latest version to secure against potential threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

By Waqas
Be cautious! Hackers are selling fake Pegasus spyware source code, alerts CloudSEK. Learn how to protect yourself from…
This is a post from HackRead.com Read the original post: Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web

Be cautious! Hackers are selling fake Pegasus spyware source code, alerts CloudSEK. Learn how to protect yourself from this cyber deception.

Contextual AI platform CloudSEK’s latest research report reveals a concerning trend of widespread misuse of NSO Group’s Pegasus spyware name, leveraged by threat actors on the dark web for monetary gains, with almost all identified samples being fraudulent. 

This development aligns with Hackread’s recent report on Apple’s warning about “mercenary spyware” attacks on April 10, 2024. The tech giant revealed how such attacks affect iPhone users in 92 countries, highlighting that state actors or private companies could create mercenary spyware, like Pegasus.

Apple notification sent in April 2024

****What is Pegasus Spyware?****

Pegasus is a powerful and invasive spyware linked to serious attacks on journalists, activists, and even government officials. It can steal data, track locations, and even activate phone microphones for eavesdropping.

After Apple’s advisory, CloudSEK researchers started analyzing Dark and Deep Web sources for incidents involving the NSO Group names and Pegasus spyware. They analyzed 25k Telegram posts, over 150 potential Pegasus sellers, 15 samples, and 30+ indicators from HUMINT and underground platforms. 

Their analysis revealed that threat actors were offering fraudulent Pegasus source code, tools, and scripts for hundreds of thousands of dollars, with most posts often following a standard template where illicit services were offered as Pegasus and other NSO Tools to make money.

“Threat actors created their own tools and scripts, distributing them under Pegasus’ name to capitalize on its notoriety for financial gain,” report author Anuj Sharma explained.

For instance, Deanon ClubV7, a TG group, obtained legitimate access to Pegasus and offered permanent access for USD 1.5 million. Within two days, they sold four accesses, bringing in $6,000,000.

The most propagated samples were Pegasus HVNC (Hidden Virtual Network Computing), with six unique samples posted on the deep web between May 2022 and Jan 2024, offered for “hundreds of thousands of dollars.”

Two among several examples that researchers shared in their technical report

Researchers also noted that actors are spreading malware to compromise users’ devices, using Pegasus’ name to persuade them to download malicious programs. The misuse of surface web code-sharing platforms was also observed, where actors were spreading fake, randomly generated source code as Pegasus Spyware.

****Don’t be duped by the name****

The incident highlights how scammers can use Pegasus’ source code as a scheme to distribute custom-built malware. If you encounter a suspicious offer, don’t respond to emails, or messages, or click on the links provided. Report the incident to the platform where it occurred or a trusted cybersecurity organization.

1.  Fake Voicemails Target Users, 1000 Attacks in 14 Days
2.  OpenSSF Warns: Fake Maintainers Targeting JavaScript Projects
3.  Employee Duped by AI-Generated CFO in $25.6M Deepfake Scam
4.  iPhones of 9 State Dept officials hijacked by NSO Pegasus spyware
5.  Kaspersky’s iShutdown Tool Detects Pegasus Spyware on iOS Devices

Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web

By Waqas
Millions of IoT and industrial devices at risk! Critical vulnerabilities in Cinterion cellular modems allow remote attackers to take control.
This is a post from HackRead.com Read the original post: Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks Exposed

Kaspersky researchers have identified multiple security vulnerabilities in Cinterion cellular modems, which could potentially be exploited by threat actors to access sensitive information and execute arbitrary code.

These vulnerabilities pose significant risks to critical communication networks and IoT devices across various sectors, including industrial, healthcare, automotive, financial, and telecommunications.

The most severe vulnerability, CVE-2023-47610 (CVSS score: 8.1), is a heap overflow flaw that allows remote attackers to execute arbitrary code by sending a specially crafted SMS message. This access could be further exploited to manipulate RAM and flash memory, granting attackers more control over the modem without requiring authentication or physical access.

Other vulnerabilities discovered by Kaspersky stem from security lapses in handling MIDlets, Java-based applications running within the modems. These flaws could be abused to bypass digital signature checks and allow unauthorized code execution with elevated privileges.

Cinterion modems, initially developed by Gemalto, became part of Telit after its acquisition from Thales in a deal announced in July 2022. These findings were unveiled during OffensiveCon in Berlin on May 11, 2024. The full list of vulnerabilities disclosed by Kaspersky includes:

*   CVE-2023-47610 (CVSS score: 8.1)
*   CVE-2023-47611 (CVSS score: 7.8)
*   CVE-2023-47612 (CVSS score: 6.8)
*   CVE-2023-47613 (CVSS score: 4.4)
*   CVE-2023-47614 (CVSS score: 3.3)
*   CVE-2023-47615 (CVSS score: 3.3)
*   CVE-2023-47616 (CVSS score: 2.4)

Jason Soroko, Senior Vice President of Product at Sectigo, emphasized the importance of these findings, stating, _“_Cinterion integrated modems are used in the supply chain of many IoT devices to allow data access by cellular communication and the vulnerabilities that are being reported are mostly about flaws in memory management that could lead to unauthorized code execution, not just for attackers in the physical possession of the device._“_

_“_There is also a remote attack potential via a carefully crafted SMS message. These are the highest priority vulnerabilities that organizations and security teams need to be aware of,_“_ he warned.

As Cinterion modems are widely used in IoT devices across various industries, organizations and security teams must be aware of these vulnerabilities and take necessary measures to mitigate the risks associated with them.

Kaspersky’s findings show the importance of robust security practices and regular vulnerability assessments in ensuring the safety and integrity of critical communication networks and IoT devices.

1.  Vulnerability Exposed Ibis Budget Guest Room Codes to Hackers
2.  “LeakyCLI” Vulnerability Leaks AWS and Google Cloud Credentials
3.  LiteSpeed Cache Plugin Vulnerability Affects 1.8M WordPress Sites
4.  TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours
5.  New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location

Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks Exposed

The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.

All that needs to happen is, the victim receives an iMessage with an attachment containing a zero-click exploit. “Without any further interaction, the message triggers a vulnerability, leading to code execution for privilege escalation and providing full control over the infected device,” says Boris Larin, principal security researcher at Kaspersky's Global Research & Analysis Team.

Once the attacker establishes their presence on the device, he says, the message is automatically deleted.

**Rise of Pegasus**

The most prominent and well-known spyware is Pegasus, made by Israeli firm NSO Group to target vulnerabilities in iOS and Android software.

Spyware only exists because of vendors such as NSO Group, which claims it sells exploits to governments only to hunt criminals and terrorists. “Any customers, including governments in Europe and North America, agree not to disclose those vulnerabilities,” says Richard Werner, cybersecurity advisor at Trend Micro.

Despite NSO Group’s claims, spyware has continued to target journalists, dissidents, and protesters. Saudi journalist and dissident Jamal Khashoggi’s wife, Hanan Elatr, was allegedly targeted with Pegasus before his death. In 2021, _New York Times_ reporter Ben Hubbard learned his phone had been targeted twice with Pegasus.

Pegasus was silently implanted onto the iPhone of Claude Magnin, the wife of the political activist Naama Asfari, who was jailed and allegedly tortured in Morocco. Pegasus has also been used to target pro-democracy protesters in Thailand, Russian journalist Galina Timchenko, and UK government officials.

In 2021, Apple filed a lawsuit against NSO Group and its parent company to hold it accountable for “the surveillance and targeting of Apple users.”

The case is still ongoing, with NSO Group attempting to dismiss the lawsuit, but experts say the problem is not going to go away as long as spyware vendors are able to operate.

David Ruiz, senior privacy advocate at security firm Malwarebytes, blames “the obsessive and oppressive operators behind spyware, who compound its danger to society.”

**The Spyware Drain**

If you think you may be targeted by spyware, there are only a few useful things you can do. First, enable Apple's Lockdown Mode, which disables certain features but is surprisingly usable and can protect your iPhone from getting infected in the first place. Second, if you suspect your device is already infected, helplines are available to aid you in removing spyware, such as Access Now’s Digital Security Helpline and Amnesty International’s Security Lab.

Detecting spyware can be extremely challenging—and for sophisticated spyware like Pegasus, discovering an infection on your own is all but impossible. There are less-sophisticated types of spyware that can cause unusual behavior, such as your battery draining quickly, unexpected shutdowns, or high data usage could be indicative of some types of infections, says Javvad Malik, lead security awareness advocate at security training organization KnowBe4. While specific apps claim to spot spyware, their effectiveness can vary, and professional assistance is often necessary for reliable detection, he says.

Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit `runAsUser` attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified `mustRunAsNonRoot: true`, the kubelet will refuse to start the container as root. If the pod did not specify `mustRunAsNonRoot: true`, the kubelet will run the container as uid 0.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2019-11245

**Kubelet Incorrect Privilege Assignment**

Moderate severity GitHub Reviewed Published Apr 24, 2024 to the GitHub Advisory Database • Updated Apr 24, 2024

**Package**

gomod k8s.io/kubernetes/cmd/kubelet (Go)

**Affected versions**

\>= 1.14.0, < 1.14.3

\>= 1.13.0, < 1.13.7

**Patched versions**

1.14.3

1.13.7

**Description**

Published to the GitHub Advisory Database

Apr 24, 2024

Last updated

Apr 24, 2024

GHSA-r76g-g87f-vw8f: Kubelet Incorrect Privilege Assignment

The State Department can now deny entrance to the US for individuals accused of profiting from spyware-related human rights abuses, and their immediate family members.

Source: Robert Brown via Alamy Stock Photo

The US State Department is imposing visa restrictions on 13 people involved in the development and sale of commercial spyware, as well as their spouses and children. 

"These individuals have facilitated or derived financial benefit from the misuse of this technology, which has targeted journalists, academics, human rights defenders, dissidents and other perceived critics, and US government personnel," according to a press statement from the department issued yesterday. It's the first implementation on a spyware-related visa-restriction program announced in February.

Visa restrictions mean that the State Department can deny entrance to the United States for any of the people placed under the order. The move is the latest in a series of efforts by the government to combat the commercial spyware used by authoritarian governments, which it says constitutes a human rights abuse. NSO Group's infamous Pegasus mobile tracking tool, for instance, has been involved in a series of attacks on civil society by repressive regimes, the US has alleged.

Other efforts have included restrictions on the US government's own use of commercial spyware, export controls and sanctions, and private-public threat intelligence partnerships.

**About the Author(s)**

US Gov Slaps Visa Restrictions on Spyware Honchos

Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach, and a ransomware hacker tangles with an unimpressed HR manager named Beth.

After months of delays, the US House of Representatives voted on Friday to extend a controversial warrantless wiretap program for two years. Known as Section 702, the program authorizes the US government to collect the communications of foreigners overseas. But this collection also includes reams of communications from US citizens, which are stored for years and can later be warrantlessly accessed by the FBI, which has heavily abused the program. An amendment that would require investigators to obtain such a warrant failed to pass.

A group of US lawmakers on Sunday unveiled a proposal that they hope will become the country’s first nationwide privacy law. The American Privacy Rights Act would limit the data that companies can collect and give US residents greater control over the personal information that is collected about them. Passage of such legislation remains far off, however: Congress has attempted to pass a national privacy law for years and has thus far failed to do so.

Absent a US privacy law, you’ll need to take matters into your own hands. DuckDuckGo, the privacy-focused company famous for its search engine, now offers a new product called Privacy Pro that includes a VPN, a tool for having your data removed from people-search websites, and a service for restoring your identity if you fall victim to identity theft. There are also steps you can take to wrench back some of the data used to train generative AI systems. Not all systems out there offer the option to opt out of data collection, but we have a rundown of the ones that do and how to keep your data out of AI models.

Data collection isn’t the only risk associated with AI advancements. AI-generated scam calls are becoming more sophisticated, with cloned voices sounding eerily like the real thing. But there are precautions you can take to protect yourself from getting swindled by someone using AI to sound like a loved one.

Change Healthcare’s ongoing ransomware nightmare appears to have gotten worse. The company was originally targeted by a ransomware gang known as AlphV in February. But after the hackers received a $22 million payment early last month, a rift appeared to grow between AlphV and affiliate hackers, who say AlphV took the money and ran without paying other groups that helped them carry out the attack. Now, another ransomware group, RansomHub, claims it has terabytes of Change Healthcare’s data and is attempting to extort the company. Service disruptions caused by the ransomware attack have impacted healthcare providers and their patients across the US.

That’s not all. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

The streaming video service Roku warned customers Friday that 576,000 accounts had been compromised, a breach it discovered in the midst of its investigation of a far smaller-scale intrusion that it dealt with in March. Roku said that rather than actually penetrating Roku’s own network through a security vulnerability, the hackers had carried out a “credential-stuffing” attack in which they tried passwords for users that had leaked elsewhere, thus breaking into accounts where users had reused those passwords. The company noted that in less than 400 cases, hackers had actually exploited their access to make purchases with the hijacked accounts. But the company nonetheless reset users’ passwords and is implementing two-factor authentication on all user accounts.

**Apple Notifies Users of Mercenary Spyware Infections**

Apple sent notices via email to users in 92 countries around the world this week, warning them that they had been targeted by sophisticated “mercenary spyware” and that their devices may be compromised. The notice stressed that the company had “high confidence” in this warning and urged potential hacking victims to take it seriously. In a status page update, it suggested that anyone who receives the warning contact the Digital Security Helpline of the nonprofit Access Now and enable Lockdown Mode for future protection. Apple didn’t offer any information publicly about who the hacking victims are, where they’re located, or who the hackers behind the attacks might be, though in its blog post, it compared the malware to the sophisticated Pegasus spyware sold by the Israeli hacking firm NSO Group. It wrote in its public support post that it’s warned users in a total of 150 countries about similar attacks since 2021.

**CISA Warns Federal Agencies to Look Out for Russian Hackers Stealing Emails**

April continues to be the cruelest month for Microsoft—or perhaps Microsoft’s customers. On the heels of a Cybersecurity Review Board report on Microsoft’s previous breach by Chinese state-sponsored hackers, the Cybersecurity and Infrastructure Security Agency (CISA) published a report this week warning federal agencies that their communications with Microsoft may have been compromised by a group known as APT29, Midnight Blizzard, or Cozy Bear, believed to work on behalf of Russia’s SVR foreign intelligence agency. “Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” CISA said in the emergency directive. As recently as March, Microsoft said that it was still working to expel the hackers from its network.

**When a Ransomware Hacker Calls a Victim Company’s Front Desk**

As ransomware hackers seek new ways to bully their victims into giving in to their extortion demands, one group tried the novel approach of calling the front desk of the company it had targeted to verbally threaten its staff. Thanks to one HR manager named Beth, that tactic ended up sounding about as threatening as a clip from an episode of _The Office_.

TechCrunch describes a recording of the conversation, which a ransomware group calling itself Dragonforce posted to its dark-web site in a misguided attempt to pressure the victim company to pay. (TechCrunch didn’t identify the victim.) The call starts like any tedious attempt to find the right person after calling a company’s publicly listed phone number, as the hacker waits to speak to someone in “management.”

Eventually, Beth picks up and a somewhat farcical conversation ensues as she asks that the hacker explain the situation. When he threatens to make the company’s stolen data available for “fraudulent activities and for terrorism by criminals,” Beth responds “Oh, ok,” in an altogether unimpressed tone. She then asks if the data will be posted to “Dragonforce.com.” At another point, she notes to the increasingly frustrated hacker that recording their call is illegal in Ohio, and he responds, “Ma’am, I am a hacker. I don’t care about the law.” Finally, Beth refuses to negotiate with the hacker with a “Well, good luck,” to which the hacker responds, “Thank you, take care.”

Roku Breach Hits 567,000 Users

By Deeba Ahmed
Apple has issued iPhone security alerts to 92 countries, stating that their devices have been targeted by a mercenary spyware attack, expressing high confidence in the warning.
This is a post from HackRead.com Read the original post: iPhone Users in 92 Countries Targeted by Mercenary Spyware Attacks

Apple has issued security alerts to millions of iPhone users across 92 countries, stating that their devices are being targeted by mercenary spyware. The alerts suggest that the attack is likely targeting users based on their identity or activities.

Apple has been informing users of threats for years, targeting journalists and politicians in over 150 countries since 2021. Some users have found invasive Pegasus spyware on their iPhones, created by Israeli spyware maker NSO Group. However, the company hasn’t provided any official numbers in the current case.

Apple’s threat notification (Read Apple’s updated statement here)

****Apple Requests Users to Take It Seriously!****

As reported by The Economic Times, Apple has stated in the warning email that the attack is likely targeted due to specific characteristics or actions, urging users to take it seriously.

A targeted mercenary spyware attack could remotely access sensitive data, communications, or even the camera and microphone, according to Apple’s threat notification email.

Despite the Indian government’s opposition to security alerts by Apple, India is among the countries affected by this issue, and it’s unclear if US iPhone owners were targeted, as Apple hasn’t provided any further details.

Apple has sent multiple alerts to over 150 countries since 2021 and it previously sued Israeli firm NSO Group for aiding adversaries in targeting iPhone users. Moreover, Apple has been releasing iOS updates to address potential spyware attacks, often as emergency security measures, especially when an iPhone flaw is already being exploited.

If you have received this notification, remember that Apple has dedicated a page to offer guidance on changing passwords and enabling two-factor authentication to enhance security.

****What are Mercenary Attacks?****

Mercenary attacks are targeted spyware attacks, which are a unique type of cyberattacks that targets specific individuals based on their profession, social status, or access to sensitive information. They use sophisticated spyware, like Pegasus, to infiltrate devices and gather vast amounts of data.

These attacks, are expensive and require extensive resources to execute. Mercenary attacks are rare and complex cybercrimes, costing millions and targeting a small number of people worldwide, according to a company email.

Brian Higgins, security specialist at Comparitech commented on the issue. _“_There have been enough periodic Pegasus activations in recent years for those who are regularly targeted to hopefully have some kind of response or mitigation plans in place,_“_ he said.

_“_Most often journalists and activists in jurisdictions of risk are targeted as they are vulnerable to intervention, prosecution and attack by the regimes they challenge – and data harvested in these breaches can facilitate all of these activities,_“_ Brain warned.

_“_It’s rather a disappointing buck-passing exercise for Apple to direct them to a third party, non-profit Security Helpline, given the history of implications for individual targets in previous incidents. You’d think as proprietors of a vulnerable platform, they would offer to help out themselves._“_

1.  Apple Issues Urgent Security Patches for Zero-Day Flaws
2.  iLeakage Attack: Theft of Data from Apple’s Safari Browser
3.  QuaDream, Israeli iPhone hacking spyware firm, to shut down
4.  Fake Lockdown Mode Exposes iOS Users to Malware Attacks
5.  iPhone Spyware Exploits Obscure Chip Feature, Hits Researchers

iPhone Users in 92 Countries Targeted by Mercenary Spyware Attacks

Apple has sent alerts to people in 92 nations to say it's detected that they may have been a victim of a mercenary attack.

Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it’s detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021.

Mercenary spyware is used by governments to target people like journalists, political activists, and similar targets, and involves the use of sophisticated tools like Pegasus. Pegasus is one of the world’s most advanced and invasive spyware tools, known to utilize zero-day vulnerabilities against mobile devices.

The second number became known when Apple changed the wording of the relevant support page. The change also included the title that went from “About Apple threat notifications and protecting against **state-sponsored attacks**” to “About Apple threat notifications and protecting against **mercenary spyware**.”

If you look at the before and after, you’ll also notice an extra paragraph, again with the emphasis on the change from “state-sponsored attacks” to “mercenary spyware.”

The cause for the difference in wording might be because “state-sponsored” is often used to indicate attacks targeted at entities, like governments or companies, while these mercenary attacks tend to be directed at individual people.

The extra paragraph specifically calls out the NSO Group and the Pegasus spyware it sells. While the NSO Group claims to only sell to “government clients,” we have no reason to take its word for it.

Apple says that when it detects activity consistent with a mercenary spyware attack it uses two different means of notifying the users about the attack:

*   Displays a Threat Notification at the top of the page after the user signs into appleid.apple.com.
*   Sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.

Apple says it doesn’t want to share information about what triggers these notifications, since that might help mercenary spyware attackers adapt their behavior to evade detection in the future.

The NSO Group itself argued in a court case started by Meta for spying on WhatsApp users, that it should be recognized as a foreign government agent and, therefore, be entitled to immunity under US law limiting lawsuits against foreign countries.

NSO Group has also said that its tool is increasingly necessary in an era when end-to-end encryption is widely available to criminals.

**How to stay safe**

Apple advises iPhone users to:

*   Enable Lockdown mode.
*   Keep devices up to date.
*   Protect devices with a passcode.
*   Use Multi-Factor-Authentication (MFA) for your Apple ID.
*   Only install apps from the App Store.
*   Use strong and unique passwords online.
*   Don’t click on links or attachments from unknown senders.

We’d like to add:

*   Use an anti-malware solution on your device.
*   If you’re not sure about something that’s been sent to you, verify it with the person or company via another communcation channel.
*   Use a password manager.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Tag

#asus