Dear AfNOG-er,<div><br></div><div>Hope this email finds you in good health!</div><div><br></div><div>Le dimanche 29 mai 2022, Loganaden Velvindron <<a href="mailto:loganaden@gmail.com">loganaden@gmail.com</a>> a écrit :<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><a href="https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/" target="_blank">https://blog.google/threat-<wbr>analysis-group/protecting-<wbr>android-users-from-0-day-<wbr>attacks/</a><br>
<br>
Interesting read.<br>
<br></blockquote><div><br></div><div><br></div><div>Hi Logan,</div><div>Thanks for sharing, brother!</div><div><br></div><div>Indeed!</div><div>Please, allow me to paste a piece of it below:</div><div><br></div><div><paste></div><div><p dir="ltr">"We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns discussed below. Consistent with findings from CitizenLab, we assess likely government-backed actors purchasing these exploits are operating (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.</p>
<p dir="ltr">The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem. Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits.</p>
<p dir="ltr">Seven of the nine 0-days TAG discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors."</p><p dir="ltr"></paste></p><p dir="ltr">__<br>
<a href="https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/#:~:text=We%20assess%20with%20high%20confidence%20that,surveillance%20capabilities%20to%20government%2Dbacked%20actors">https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/#:~:text=We%20assess%20with%20high%20confidence%20that,surveillance%20capabilities%20to%20government%2Dbacked%20actors</a>.</p></div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Can anyone comment on this ?<br>
<br></blockquote><div><br></div><div><br></div><div>...i think, it's time for our government's agencies to</div><div> adopt a FLOSS (Free/Libre Open Source Software)</div><div> mindset; for a start...imho!</div><div><br></div><div>Shalom,</div><div>--sb.</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>[...]</blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br></blockquote></div><br><br>-- <br><p>Best Regards !<br>__<br>baya.sylvain[AT cmNOG DOT cm]|<<a href="https://cmnog.cm/dokuwiki/Structure">https://cmnog.cm/dokuwiki/Structure</a>><br>Subscribe to Mailing List: <<a href="https://lists.cmnog.cm/mailman/listinfo/cmnog/">https://lists.cmnog.cm/mailman/listinfo/cmnog/</a>><br>__<br>#LASAINTEBIBLE|#Romains15:33«Que LE #DIEU de #Paix soit avec vous tous! #Amen!»<br>#MaPrière est que tu naisses de nouveau. #Chrétiennement<br>«Comme une biche soupire après des courants d’eau, ainsi mon âme soupire après TOI, ô DIEU!»(#Psaumes42:2)<br><br></p>