New Android NoviSpy spyware linked to Qualcomm zero-day bugs
The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' used to spy on activists, journalists, and protestors. [...]
Journalists may handle sensitive sources, investigate cyber incidents, and face risks involving surveillance, phishing, and data exposure.
Search across headline titles and summaries.
Background for this topic.
Journalists gather, verify, and publish information, often handling unpublished documents, confidential source identities, and sensitive communications. Their security relevance is concentrated in protecting source confidentiality, editorial materials, accounts, and personal safety from targeted phishing, account takeover, device compromise, surveillance, or theft of stored data.
Useful controls include phishing-resistant multifactor authentication, prompt patching, encrypted communications and storage, strong separation between personal and reporting accounts, and careful handling of identifying metadata such as file histories and location data. Security planning should also cover source verification, secure transfer and deletion procedures, device and travel risks, and a response plan to revoke sessions, preserve evidence, assess exposed sources, and communicate through trusted channels after a suspected compromise.
The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' used to spy on activists, journalists, and protestors. [...]