If you use Wi-Fi on your iOS device, get this security update
The tech giant says there is a new cyber threat, but has taken steps to thwart the attack. According to the reports, “Apple has now issued a critical security patch for all iOS devices and for Mac computers against a potential hack that could come remotely via Wi-Fi.”
The virus is being considered a potentially serious threat, so the company is urging users to install the updates to protect their devices.
The latest cyber threat is also a risk to Android device users, but Google has taken steps as well to block the virus.
“The vulnerability also has the potential to attack Android devices, but Google issued its own security patch earlier this month.”
Microsoft is rolling out a host of new email security features for Office 365 later this quarter, as it looks to thwart hackers and criminals.
‘Insider spoofing’ or faking the CEO’s email address to trick the CFO into transferring millions to criminal bank accounts is big business. Now Microsoft is using big data and reputation filters to try and squish the threat.
According to the FBI, between October 2013 and August 2015, 7,066 US businesses have fallen prey to ‘business email compromise’, netting criminals an estimated $747m.
Non-US victims lost a further $51m over the period, with the FBI estimating a 270 percent increase in identified victims since January 2015, when it first released figures about the threat category.
As Microsoft notes, when a corporate email domain is spoofed, it makes it hard for existing filters to identify the bogus email as malicious.
However, Microsoft reckons it has achieved a 500 percent improvement in counterfeit detection using a blend of big data, strong authentication checks, and reputation filters in Exchange Online Protection for Office 365.
It’s also rolling out new phishing and trust notifications to indicate whether an email is from a known sender or if a message is from an untrusted source, and therefore could be a phishing email.
The company is also promising a faster email experience as it vets attachments for malware and new tools to auto-correct messages that are mis-classified as spam. The aim is to boost defences without impairing end-user productivity.
Malicious email attachments remain a popular way for attackers to gain a foothold in an organization and, as RSA’s disastrous SecurID breach in 2011 showed, a little social engineering can go a long way to ensuring someone opens it.
Microsoft’s new attachment scanner, called Dynamic Delivery of Safe Attachments, looks to reduce delays as it checks attachments for potential threats.
Currently it captures suspicious looking attachments in a sandbox with a ‘detonation chamber’ where it analyses it for malware in a process takes five to seven minutes.
Microsoft hasn’t figured out a faster way to analyse the attachment, but instead of holding up the email as it conducts the scan, it will send the body of the email with a placeholder attachment. If the attachment is deemed safe, it will replace the placeholder and if not, the admin can filter out the attachment.
The feature is part of Microsoft’s Office 365 Exchange Online Protection and Advanced Threat Protection services.
The company is also tackling false-positive spam, or legitimate messages that are mis-identified as spam, and vice versa, with a new feature called Zero-hour Auto Purge, which allows admins to “change that verdict”.
“If a message is delivered to your inbox and later found to be spam, Zero-hour Auto Purge moves that message from the inbox to the spam folder; the reverse is true for messages misclassified as spam,” Microsoft notes.
Microsoft is testing this approach with 50 customers and says it will be rolled out for all Exchange Online Protection global clients in the first quarter of 2016.
Have questions?
Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/
We have been alerted to a new Phishing scam that effects Quickbook and Intuit customers. Recently, Intuit published a security notice on their website warning customers of a Phishing scam which appears to be a direct email from Intuit’s customer service department using the domain of “intuit-solution”. This sender is not associated with Intuit nor is it an authorized agent of Intuit. If you receive an email from this domain or any other email that appears suspicious, do not click on any links or attachments, do not reply to the email and do not forward it to anyone. It is recommended that you delete the email. If you mistakenly click or have already clicked on a link or downloaded something from the email, immediately (1) delete the download (2) scan your system using an up-to-date anti-virus program and (3) change your passwords. If you experience any issues and are worried you may have fallen subject to this scam, contact South Jersey Techies for immediate support.
Phishing is a cybercrime aimed to lure individuals into revealing personal information or expose them to downloads of malware that will infect their computer and networks. Phishing baits will impersonate real companies. The imposters are getting harder to spot and not all phishing scams work the same way. You should never enter your username or password into a Login if you are not 100% confident of the source. These scams are designed to retrieve sensitive information such as SSNs, credit card information and user names and passwords.
Following basic safety tips can help you keep your information safe:
Protect your computer with anti-virus software.
Keep your browser up to date and install any updates as they are pushed.
Contact your bank and any other financial institutions you use if you are a victim of identity theft. Check with your credit reporting agencies often and spot check for any inconsistencies.
Report any suspicious emails to your technology provider or third-party vendor so they may be tracked and logged.
If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.
Did you know more than 90% of data breaches start with a phishingemail?
A successful ransomware attack can devastate any size organization. As examples from a recent survey, 50% of law firms, 42% of insurance brokers, 37% of non-profit organizations and 27% of retail companies lack a written incident response plan. And 34% said they don’t give employees phishing tests to determine their exposure to risk.
We have been actively recommending and implementing layers of security from the hosted level, firewall level, server level, computer level, policy level and now by the user level.
Organizations who have incident response plan (IRP) are able to respond more quickly and more effective than those without one. And for organizations in healthcare or financial services, having a plan may be required by law. If you don’t yet have an IRP, we can provide template plans for a variety of types of organizations and even can assist in writing one if need be.
We want to reduce your organization’s chance of experiencing a cybersecurity disaster by 70% security awareness training and provide an IRP if an attempt is made.
What is “phishing”?
Phishing emails look like they came from a person or organization you trust, but in reality they’re sent by hackers to get you to click on or open something that will give the hackers access to your computer.
Why are you at risk?
Hackers are actively targeting organizations because you have information that is valuable to them. Specifically, they may be interested in any type of valuable data, such as customer, patient, student, or employee data, intellectual property, financial account information, or payment card data. If one employee falls for a phishing attack, the systems the employee uses can potentially be accessed. (We can run a report on your account to assess phishing attempts per account, contact us if you are interested in obtaining this report)
How to spot a phishing email
Hackers have gotten clever in how they design the emails they send out to make them look legitimate. But phishing emails often have the following characteristics:
Ask you for your username and password, either by replying to the email or clicking on a link that takes you to a site where you’re asked to input the information.
Look like they come from the HR or IT Team
Have grammatical errors
Contain email addresses that don’t match between the header and the body, are misspelled (like @gmaill.com), or have unusual formats @company-othersite.com)
Have links or email addresses that show a different destination if you hover over them
Try to create a sense of urgency about responding
How can you prevent phishing emails?
Employees responding to phishing emails is still one of the biggest risks we see. Training your employees is an essential first step in making sure your data is never encrypted or held for ransom.
To help educate your employees about what to watch for, we’ve attached an employee tip sheet. You can download it HERE
The Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) within DHS also have useful collections that include tip sheets. Click here.
In addition to tips we do have a solution that is a cloud-based training software that allows your business to train employees to aid with security awareness and phishing resistance. The platform allows us to setup and deliver simulated security threats and phishing incidents to educate and test employees. The training can be required and simulated emails will be sent, and if an employee falls for the threat testing, you would know and the employee can go through further testing. The cost is based per organization and is very reasonable. If there is an interest let us know.
Last year we started “hardening” in Microsoft 365 to prevent phishing email attempts as a preventative measure for protecting your accounts.
Similar to the “365 hardening” in #4 we have a new solution that is similar to the hardening but with more bells and whistles. The system works in an A.I. setup learning the types of emails you get and where they are coming from. Example. If you got an email from us regularly, but one email originated from a country in Europe not our usual IP address it would flag it. This system ties into 365 very nicely and even give the employees the ability to mark things phishing or safe, if needed. But once a message is marked safe the “outside email” banner will be removed for that email for the entire organization. The solution is a very reasonable cost per account, if there is an interest let us know.
I realized handing over my entire life to one platform had its downsides.
I deleted Google from my life, and I can show you how to do it, too.
After being a devoted Googler for many years, I realized putting all my data on one platform had its downsides. A couple of factors in particular drove me to make a clean break.
Deleting Google for privacy and security
The appeal of escaping Google comes down to privacy. Google collects an alarming amount of data about you. It’s safe to say that if you’re not a paying customer then you’re the product being sold, and that’s Google’s business model.
Security goes hand-in-hand with that. I’m sure Google’s servers are closely guarded, but I still didn’t want all my data to be concentrated in one place.
To Google’s credit, the company gives you tools to opt out of the give-us-your-private-data-for-our-services game altogether. We cover the basics in these two articles:
How to download your Google data so you can see what’s being recorded.
How to delete your Google data to protect yourself.
Deleting Google for social impact
Another reason to get rid of Google is make your choice as a consumer for a healthier, more responsible media. As a working journalist, I’m acutely aware that Google and Facebook jointly dominate the media distribution and discovery landscape. With no strong competitors to Google Search in particular, Google’s algorithms hold unprecedented sway over the discourse in our society.
The importance of search discovery means that publishers and journalists must write stories to match the queries typed in by readers. That means coverage is guided by readers’ preconceived notions about a news event, not by objective reporting. That’s a deeply disturbing state of affairs for any democratic society.
Google outwardly seems as dedicated to responsible stewardship as one could hope, but it’s still concerning enough to merit supporting alternatives and competitors.
How my Google-free experiment started
When I decided to drop Google, I had just left a full-time job at a company that used Google mail and other apps. I stopped using all Google products while I freelanced. Note: If you’re an Android user, this is basically a no-go. Fortunately, I use a combination of Windows PCs, Macs, and iOS devices, so I wasn’t trapped.
Everyone uses Google differently, but I focused on forgoing the services that are core to the experience: Gmail, Docs, Drive, Calendar, Maps, and Search.
Dropping Gmail was easier than expected. I tried Yahoo! Mail, but there were too many ads for my taste. The web interface for Apple Mail at icloud.com was just adequate. I found Microsoft’s overhauled Outlook web interface (and truly excellent mobile app) was the best alternative.
Apple’s iWork for iCloud lets you use its productivity applications and share content across devices.
Instead of Docs, I tried Office 365 and iWork for iCloud. I liked them both better than Docs because I prefer native apps to web apps, and because I think both have more elegant designs—especially iCloud. Apple’s iWork for iCloud is similar to Docs in that it’s online-only, and designed for collaboration. It also has a mobile app. Office 365 will be pretty familiar to anyone who’s worked with Office’s desktop versions.
It was also pretty easy to kick Drive to the curb. Cloud storage competitors abound. I always preferred Dropbox to Drive anyway because I find that its OS X and Windows apps are better-integrated into the OS’s normal file browsing experience. Google Drive feels like it’s meant to be a place to store documents and back up files, not seamlessly augment your local storage—even though it does that in some ways.
Dropbox’s file-sharing features are competitive and in some ways better than those in Google Docs.
Google Calendar has plenty of competition. This is a more personal choice, and people can get very attached—consider the furor when Microsoft shuttered Sunrise Calendar. On the other hand, it inspired us to find third-party alternative calendars, which could also replace Google Calendar.
What didn’t go well
I tried Apple Maps. I tried Waze. Google Maps is still the best.
I couldn’t quit everything Google offered so easily. Google Maps alternatives were a challenge. Your best bets are Waze or Apple Maps, but let’s be honest—they have nothing on Google Maps. Unlike Apple Maps, Waze has a web app, and powerful community-sourced data is its biggest selling point. But guess what? Google uses Waze’s data in Maps! So rather than gaining that feature, you’re just losing all the stuff Maps has that Waze doesn’t.
Google Search rules for a reason. The only two decent alternatives I found were Bing and DuckDuckGo.
Bing is as good or better than Google in many respects, but Google’s algorithms and semantic search win hands-down.
Bing is a strong competitor. Some features, like video search, are even better than what Google offers. But Bing’s algorithm and the semantic search show more cracks than Google’s do.
DuckDuckGo isn’t as full-featured, but it records no user data—that’s the primary selling point of the platform. Both search options were passable, but Google has nailed semantic search with a precision that no one else can touch.
Back in Google’s grasp
I lived Google-free for five months, compromises and all. Then I was hired at a new job that required me to use Google. I considered the experiment a success, to the point that I was dismayed to abandon it at the new gig.
Google has us in its grasp for good reason. Looking back at my life without it, I can honestly say some alternatives couldn’t compare. Your mileage may vary based on which services you value most. If you decide to delete Google from your life, too, let us know how it goes on our Facebook page.
Depending on how your Windows servers are configured, you may need to disable SSL v3.
Note that older versions of Internet Explorer may not have the TLS protocol enabled by default. If you disable SSL versions 2.0 and 3.0, the older versions of Internet Explorer will need to enable the TLS protocol before they can connect to your site.
For a Simpler Way to Disable the SSL v3 Protocol:
DigiCert is not responsible for any complications or problems if you decide to use this .zip file to disable the SSL v3 protocol on your server.
Log into your server as a user with Administrator privileges.
Download DisableSSL3.zip, extract the .zip file contents, and then double-click DisableSSL3.reg.
In the Registry Editor caution window, click Yes.
Restart server.
If you prefer to do it yourself, follow the steps in the instruction below.
Microsoft IIS: How to Disable the SSL v3 Protocol
Open the Registry Editor and run it as administrator.For example, in Windows 2012:
On the Start screen type regedit.exe.
Right-click on regedit.exe and click Run as administrator.
In the Registry Editor window, go to:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key.
Name the key, SSL 3.0.
In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
Name the key, Client.
In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.
Name the key, Server.
In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.
Name the value DisabledByDefault.
In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.
Name the value Enabled.
In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.
Restart your Windows server.You have successfully disabled the SSL v3 protocol.
For instructions about disabling browser support for the SSL v3 protocol, see Disabling Browser Support for the SSL 3.0.
Business leaders must prepare for disasters made by man or Mother Nature with extensive, practiced recovery plans to avoid system shutdowns.
A Delta ground stop was lifted Monday morning following a 2:30 a.m. ET power outage in Atlanta that delayed and cancelled flights worldwide. Businesses should view this as a cautionary tale, highlighting the importance of quality data center power and disaster control systems.
Delta cancelled approximately 300 flights due to the outage. As of 10:30 a.m. ET, it operated 800 of its nearly 6,000 scheduled flights. However, Delta customers heading to the airport on Monday should still expect delays and cancellations, according to a press release. As inquiries are high and wait times are long, there may also be some lag time in the display of accurate flight status from the airline, it warned.
Last month, Southwest Airlines cancelled 1,150 flights after a system outage. Though the system came back online within the day, hundreds of flights were backlogged.
Based on recent research, it’s fair to say that what happened to Delta and Southwest could happen to a number of businesses. Some 57% of small and mid-sized businesses have no recovery plan in the event of a network outage, data loss, or other IT disaster, according to a Symantec study.
“Planning and executing disaster recovery exercises is something that should be done on a regular basis to find out these issues before they may be impactful,” said Mark Jaggers, a Gartner data center recovery and continuity analyst. “The issue, which was also the case with Southwest Airlines, is not planning for partial failure scenarios that are harder to get to the root cause of and work around.”
To avoid shutdowns like Delta’s, company data centers should have redundant power and networking, preferably from a grid and provider, respectively, that are completely independent from the primary ones, Jaggers said.
“Data centers are a huge piece of a disaster recovery plan,” said mission-critical facility management professional Christopher Wade. “To have a reliable infrastructure, you have to minimize single points of failure.” Business leaders should also ask about the experience levels of data center staff, as many of these companies are currently understaffed, Wade added.
Usually, large companies have a primary data center in one location and an alternate in another that is far enough away so the two do not experience the same disaster at the same time, said Roberta Witty, risk and security management analyst at Gartner.
“In today’s world, the business expectation is that you’re up and running quickly after a disaster,” Witty said. “The ‘always on’ driver is changing the way organizations deliver IT in general, and so they are building out their data centers to be more resilient.”
Faster recovery times
About 60% of organizations are moving to a recovery time objective of four hours or less, Witty said. Doing so successfully involves extensive planning. First, determine what business operations are mission critical. Then, consider factors that impact recovery time requirements, such as revenue loss, safety, and brand reputation, and build your recovery infrastructure accordingly. As more companies outsource data operations, a key consideration should be the third party’s ability to meet your recovery requirements, she added.
Crisis management practices, such as the procedures Delta used to notify management and deal with customer fallout, usually get exercised every quarter. “The more you practice your crisis management procedure and communicating with your workforce, customers, suppliers, and partners, the better off you are,” Witty said. “A plan that hasn’t been exercised is not a workable plan.”
Disaster recovery can’t be something a company reviews once a year, Witty said, but rather an ongoing part of every new project.
“Your recovery environment has to stay in sync with production, which is where a lot of organizations fail,” Witty said. “Build disaster recovery into a project lifestyle—whether it’s a new product or a change in management, you have to go back and revisit your recovery plans.”
The 3 big takeaways for readers
Delta experienced a massive networked service stoppage Monday morning after a power outage in Atlanta, which offers a lesson in disaster preparedness and recovery for other businesses and data centers.
About 57% of small and mid-sized businesses have no recovery plan in the event of a network outage, data loss, or other IT disaster, but these plans are key for mitigating natural and manmade disasters and keeping business operations running smoothly.
Companies should build crisis management and proper communication into all new projects and management changes to ensure consistency.
There’s plenty of free, effective anti-malware protection available. Just don’t let it push your browser around.
Although malware was once predicted to become extinct, it remains a constant threat. Thankfully, countless tools are available to help protect your PC against such security threats—including the popular (and free) anti-malware products on this list.
: AVG AntiVirus Free
AVG AntiVirus Free (Figure A) provides protection for your computer, your browser, and your mail client. Like many other free products, AVG AntiVirus Free tries to sell you a paid license, which includes an enhanced firewall, anti-spam protection, and a few other features.
Figure A
Although AVG AntiVirus Free seems to do a good job protecting systems against viruses, you have to be careful about the options you choose when installing and configuring this product. Otherwise, AVG will attempt to “hijack” your browser by installing AVG Web TuneUp, changing your search page, changing your new tab pages, and changing your home page.
2: Malwarebytes Anti-Malware Free
Malwarebytes Anti-Malware Free (Figure B) offers basic protection against malware. There are two main things I like about this app. First, unlike some of the other free anti-malware products, it doesn’t try to change your browser settings or install unwanted toolbars. Second, it has a clean and intuitive interface that doesn’t leave you guessing about what to do.
Figure B
The disadvantage to using Malwarebytes Anti-Malware Free is that unlike the premium version, it does not support real-time protection. You can scan your PC for malware at any time, but you won’t be alerted to infections in real time unless you upgrade to the paid version.
3: Avast Free Antivirus 2016
Avast Free Antivirus 2016 (Figure C) is probably the most comprehensive antivirus tool on this list. It offers 12 components, including Rescue Disk, Browser Cleaner, Web Shield, and File Shield. The installer lets you choose which components to install.
Figure C
During the hour or so that I used Avast Free Antivirus, it did not attempt to take over my browser or engage in any other obnoxious behavior. The software does, however, prominently display a warning message during the installation process telling you in no uncertain terms that Avast Free Antivirus 2016 collects personal information. At least it gives you a way to opt out of this data collection.
4: Panda Free Antivirus
Panda Free Antivirus (Figure D) is another free anti-malware solution that requires a bit of caution during the installation process—otherwise, Panda will install a browser toolbar and change your home page and your default search provider.
Figure D
The free version of Panda Antivirus offers real-time protection against malware, but it does try to get you to upgrade to the paid version. That version, which Panda refers to as the Pro Edition, adds a firewall, Wi-Fi protection, and VIP support.
5: YAC
YAC (Figure E) stands for Yet Another Cleaner and—you guessed it—it’s yet another free tool for blocking threats and removing malware from an infected system. It offers a simple, easy-to-follow interface, and it doesn’t try to hijack your browser (which is a personal pet peeve, in case you hadn’t noticed). In fact, the software gives you a way to lock your browser settings so that your preferred home page, default browser, and default search engine can’t be changed without your consent.
Figure E
In addition to its basic anti-malware capabilities, YAC includes some nice extras, such as a tool for speeding up your computer, an uninstaller, and an ad blocker. The primary disadvantage to using YAC is that you have to upgrade to the paid version if you want to receive real-time protection. Otherwise, you’ll have to initiate anti-malware scans manually.
Takeaway:Understanding Cloud Computing for technological infrastructures.
Cloud computing is the delivery of computing resources as a service over the Internet. The varieties of services offered are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) Desktop as a Service (DaaS) and Network as a Service (NaaS).
Scalability, fast provisioning and agility help all organizations, big and small, reach monetary growth.
There are a few major misunderstandings associated with joining the Cloud Computing revolution, such as:
It’s A Trend:
Cloud computing is a credible and efficient tool with longevity. If you use social media, eBay, Gmail or Online Banking, you are already using Cloud Computing.
It’s not as Secure:
Cloud computing is a significantly safe way to store, share and secure your data. Client’s are highly recommended to use the Cloud’s host-based firewall. Also available are host-based intrusion protection programs specialized for virtual machines and Cloud Clients
(Example – Trend Micro Deep Security or Symantec O3).
It’s Costly:
Even with the move to the cloud and monthly costs, organizations could save money long term on IT Management Services.
It’s Complicated:
There are many different types of Cloud Computing to choose from that should make executing hassle-free.
It’s only for Large Organizations:
The Cloud is not reserved for Large Organizations only. Virtual Desktop Infrastructure (SaaS or DaaS) can be a cost-effective solution for organizations of any size.
Changes are not strategic:
Plans are setup to acquire full benefits offered by Cloud Computing by integrating corporate strategy and technology with the advantage of using internal resources.
Cloud is inoperable if the Internet goes down:
Having another provider with a secondary connection is a logical setup for all companies. Most organizations already operate with a connectivity “safety net”.
To migrate your business to Cloud Computing, please visit BigBeagle.com
Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist.
Researchers from the University of Toronto’s Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has allegedly been used to surveil journalists and human rights advocates in multiple countries.
The urgent update that Apple (AAPL) released Monday plugs a hole in the iMessage software that allowed hackers to infiltrate a user’s phone without the user clicking on any links, according to Citizen Lab. The Saudi activist chose to remain anonymous, Citizen Lab said.
Apple credited the Citizen Lab researchers for finding the vulnerability.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Ivan Krsti?, head of Apple Security Engineering and Architecture, said in a statement.
Krsti? said Apple rapidly addressed the issue with a software fix and that the vulnerability is “not a threat to the overwhelming majority of our users.”
Still, security experts encouraged users to update their mobile devices for protection.
In a statement, NSO Group did not address the allegations, only saying, “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.”
The firm has previously said its software is only sold to vetted customers for counterterrorism and law enforcement purposes.
Researchers, however, say they have found multiple cases in which the spyware was deployed on dissidents or journalists. In 2019, Citizen Lab analysts alleged that Pegasus was used on the mobile phone of the wife of a slain Mexican journalist.
In a lawsuit filed in 2019, Facebook accused NSO Group of being complicit in a hack of 1,400 mobile devices using WhatsApp. (NSO Group disputed the allegations at the time.)
The proliferation of easy-to-use mobile hacking tools has given governments around the world a new and stealthy means of targeting adversaries. Sophisticated spyware made by NSO Group and other vendors has been reportedly used from Uzbekistan to Morocco.
The surge in spyware prompted a United Nations panel of human rights experts in August to call for a moratorium on the sale of such surveillance tools. The UN panel said the ban should remain in place until governments have “put in place robust regulations that guarantee its use in compliance with international human rights standards.”
