NSO Group was found to not only have exceeded its legal level of access to the WhatsApp servers and broken the terms of service with its Pegasus spyware, but to also have violated the US Computer Fraud and Abuse Act as well as California state law.
A security vulnerability that was initially documented as a Chrome bug is likely part of the attack chain employed by NSO Group's Pegasus spyware, and has been revised as a critical libwebp flaw in a new CVE ID filed by Google.
Citizen Lab reports that the new Pegasus spyware zero-click zero-day impacts the most recent version of iOS (16.6) and likely prior versions dating back to the iPhone 8. As with the prior Pegasus attack vector, victims only need to receive a iMessage to be compromised; they do not need to open the message or interact with it.
A FOIA request filed by the New York Times has led to the release of documents that show officials making a push to use Pegasus spyware in criminal investigations from late 2020 into mid-2021.
Numerous democracy activists opposed to the Thailand monarchy were targeted during a period of heavy protesting in 2020 and 2021, and had their phones infected with Pegasus spyware.
Pegasus spyware was used to track journalists, lawyers and activists in Jordan from 2019 to late 2021. Some specific incidents occurred on iPhones after Apple had sued NSO Group and removed exploits.
New report claims that Israeli police used the Pegasus spyware on the country's citizens, including opponents of then-president Benjamin Netanyahu and a number of other targets not under suspicion of a crime.
For nonprofits, it’s important to be aware and be protected from cybersecurity risks. While the core monetary focus of any nonprofit is always to helping those in need, some expense must be made on protecting nonprofits from hacking and cybercrime.
Extensive campaign involving the Pegasus spyware in El Salvador targeted at least 35 journalists and political activists from June 2020 to November 2021, with most of the country's major media outlets affected.
The fallout from the Pegasus spyware incident has prompted the Biden administration to issue a warning to the general public about commercial surveillance tools, offering advice for self-protection to journalists and dissidents.