How sloppy OPSEC gave researchers an inside look at the exploit industry

cyberscoop.com/mobile-zero-day

“Those government developers were testing out the WhatsApp malware on their own devices, and it was storing their discussions on the program’s servers.

The nation-state essentially had hacked itself and accidentally dumped highly sensitive information on the open internet—including details of its interactions with the secretive vendors who sell spyware to governments.”

HT @lorenzofb@twitter.com

@aral It should not come as a surprise to any penetration tester and security tester that one should always test on a separate, dedicated machine, and never ever on one's own machine.
