An analysis of WeChat's network protocol MMTLS finds that it is a modified version of TLS 1.3 and WeChat developers' changes to its cryptography add weaknesses
Key contributions — We performed the first public analysis of the security and privacy properties of MMTLS … X: @citizenlab , @thegrugq , @jsrailton , and @citizenlab X: @citizenl...
An analysis of WeChat's network protocol MMTLS finds that it is a modified version of TLS 1.3 and WeChat developers' changes to its cryptography add weaknesses
Key contributions — We performed the first public analysis of the security and privacy properties of MMTLS … X: @citizenlab , @thegrugq , @jsrailton , and @citizenlab X: @citizenl...
The US and Microsoft seize 107 websites used by Russian intelligence agents and their proxies in the US operating under Star Blizzard, a group active since 2016
Today, the United States District Court for the District of Columbia unsealed a civil action brought … Ben Johnson : 👏 I'm very proud that today, it was unveiled that the NGO-ISAC,...
Access Now and Citizen Lab: Russian spy agencies are using deep knowledge about opponents, reporters, and human rights groups to target them via phishing emails
Joseph Menn / Washington Post :
Access Now and Citizen Lab: Russian spy agencies are using deep knowledge about opponents, reporters, and human rights groups to target them via phishing emails
Traditional phishing attacks aimed to break into organizations advocating for Russian dissidents, among others.
Research details how vulnerabilities in signaling protocols used by mobile network operators for international roaming can be exploited to geolocate devices
Gary Miller / The Citizen Lab :
Researchers: the iPhone of Meduza owner Galina Timchenko was infected with Pegasus in Germany, the first known case of the tool being used against a Russian
Unclear is who planted the spyware while the founder of the Meduza news outlet was in Germany — The iPhone of a prominent Russian …
Apple releases macOS, iOS, iPadOS, and watchOS updates to address two zero-day flaws that Citizen Lab says were used to deliver NSO Group's Pegasus spyware
Apple releases macOS, iOS, iPadOS, and watchOS updates to address two zero-day flaws that Citizen Lab says were used to deliver NSO Group's Pegasus spyware
Apple released software updates on Thursday to address two zero-day vulnerabilities that researchers said were used …
Analysis: Tencent's Sogou Input Method, the top Chinese character inputting tool in China with 450M+ MAUs, had since-fixed data-leaking flaws in its encryption
An analysis of WeChat's tracking ecosystem using reverse engineering: the app records and tracks user behavior when executing Mini Programs, a privacy risk
The Citizen Lab : Twitter: @citizenlab Twitter: @citizenlab : 🚨NEW REPORT Should We Chat? Privacy in the WeChat Ecosystem. Report by @m0namon @2Pellaeon and Jeffrey Knockel finds ...
An analysis of Baidu, Bilibili, Bing, Douyin, Weibo, and other Chinese search platforms finds 60K censorship rules, implemented differently by each service
This report has an accompanying FAQ. — Key findings — Across eight China-accessible search platforms analyzed — Baidu …
Citizen Lab: in 2022, NSO Group deployed at least three new zero-click hacks against iPhones with iOS 15 and early versions of iOS 16; Apple fixed the flaws
This was an experiment by #apple around #iOS, without guarantees it would do anything. — But it did. — Concerned about security? … John Scott-Railton / @jsrailton@mastodon.soci...
Citizen Lab: NSO Group deployed at least three new “zero-click” hacks against iPhones with iOS 15 and early versions of iOS 16 in 2022; Apple fixed the exploits
SAN FRANCISCO — Israeli spyware maker NSO Group deployed at least three new “zero-click” hacks against iPhones last year …
Citizen Lab and Microsoft detail mercenary spyware from Tel Aviv-based QuaDream used to hack iOS 14-based iPhones of journalists, politicians, and an NGO worker
why didn't Apple warn us? Wall Street Journal : New Spyware Firm Said to Have Helped Hack iPhones Around the Globe Phil Muncaster / Infosecurity : New Zero-Click iOS Exploit Deploy...
Citizen Lab and Microsoft detail mercenary spyware from Tel Aviv-based QuaDream used to hack iOS 14-based iPhones of journalists, politicians, and an NGO worker
why didn't Apple warn us? Wall Street Journal : New Spyware Firm Said to Have Helped Hack iPhones Around the Globe Phil Muncaster / Infosecurity : New Zero-Click iOS Exploit Deploy...
Citizen Lab and Microsoft detail mercenary spyware from Tel Aviv-based QuaDream used to hack iOS 14-based iPhones of journalists, politicians, and an NGO worker
why didn't Apple warn us? Wall Street Journal : New Spyware Firm Said to Have Helped Hack iPhones Around the Globe Phil Muncaster / Infosecurity : New Zero-Click iOS Exploit Deploy...
Citizen Lab and Microsoft detail mercenary spyware from Tel Aviv-based QuaDream used to hack iOS 14-based iPhones of journalists, politicians, and an NGO worker
why didn't Apple warn us? Wall Street Journal : New Spyware Firm Said to Have Helped Hack iPhones Around the Globe Phil Muncaster / Infosecurity : New Zero-Click iOS Exploit Deploy...
Sources: in 2021, the phone of a US and Greek national who worked on Meta's security and trust team was infected with Predator spyware from an Athens-based firm
An investigation shows the CIA failed to secure its messaging system used by Iranian spies, often hidden within websites, leading to capture, torture, and death
The spy was minutes from leaving Iran when he was nabbed. — Gholamreza Hosseini was at Imam Khomeini Airport in Tehran in late 2010, preparing for a flight to Bangkok.