Information Security, Internet and Surveillance

Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB’s warrantless surveillance

Security Affairs

FEBRUARY 7, 2023

The popular collective Anonymous has leaked 128 GB of data allegedly stolen from the Russian Internet Service Provider Convex. The collective Anonymous released last week 128 gigabytes of documents that were allegedly stolen from the Russian Internet Service Provider Convex. ” reads a statement sent by Caxxii to the Kyiv Post.”

Surveillance

Surveillance Internet Internet Government

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies. appeared first on Security Affairs.

Surveillance

Surveillance Spyware Mobile Hacking

NSA buys internet browsing records from data brokers without a warrant

Security Affairs

JANUARY 29, 2024

National Security Agency (NSA) admitted to buying internet browsing records from data brokers to monitor Americans’ activity online without a court order. released documents that confirmed the National Security Agency (NSA) buys Americans’ internet browsing records without a court order. Senator Ron Wyden, D-Ore.,

Internet

Internet Internet Surveillance Government

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

US NCSC and DoS share best practices against surveillance tools

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Malware

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

MARCH 22, 2020

The Real Internet of Things, January 2017. Just yesterday I tweeted that the COVID-19 situation was going to finally make large-scale video surveillance endemic to our society. New: AI/surveillance company claims it's deploying 'coronavirus-detecting' cameras in the United States.

Surveillance

Surveillance Government Education Engineering

Israeli surveillance firm Candiru used Windows zero-days to deploy spyware

Security Affairs

JULY 15, 2021

Experts said that Israeli surveillance firm Candiru, tracked as Sourgum, exploited zero-days to deliver a new Windows spyware. Microsoft and Citizen Lab believe that the secretive Israel-based Israeli surveillance firm Candiru, tracked as Sourgum, used Windows zero-day exploits to deliver a new Windows spyware dubbed DevilsTongue.

Spyware

Spyware Surveillance Manufacturing Government

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

Expert found Russia’s SORM surveillance equipment leaking user data

Security Affairs

AUGUST 30, 2019

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data. SORM is a mass surveillance system that allows the Government of Moscow to track online activities of single individuals thanks to the support of the Russian ISPs.

Surveillance

Surveillance Firmware Mobile Advertising

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

Pictured: a Dome Series security camera from Verkada. A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., When surveillance leads to spying. Thought leaders advise reducing or eliminating the use of these skeleton key-like accounts.

Surveillance

Surveillance IoT Accountability Passwords

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The exploits were used to install commercial spyware and malicious apps on targets’ devices. Google TAG shared indicators of compromise (IoCs) for both campaigns.

Spyware

Spyware Surveillance Mobile Education

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication DNS

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

.” These searches are legal when conducted for the purpose of foreign surveillance, but the worry about using them domestically is that they are unconstitutionally broad. The very nature of these searches requires mass surveillance. The FBI does not conduct mass surveillance. The FBI does not conduct mass surveillance.

Surveillance

Surveillance Wireless Accountability Architecture

Internet disruption in Russia coincided with the introduction of restrictions

Security Affairs

MARCH 12, 2021

Experts at the NetBlocks Internet Observatory observed this week a temporary disruption of internet service in Russia due to new restrictions. On Wednesday 10 March 2021, researchers from Network data from the NetBlocks Internet Observatory observed the disruption of internet service provided by the Russian operator Rostelecom.

Internet

Internet Internet Mobile Hacking

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

The latest report published by Google Threat Analysis Group (TAG), titled “ Buying Spying, an in-depth report with our insights into Commercial Surveillance Vendors (CSVs )”, warns of the rise of commercial spyware vendors and the risks to free speech, the free press, and the open internet. ” concludes Google.

Spyware

Spyware Surveillance Government Software

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Passwords Internet

Russia is going to disconnect from the internet as part of a planned test

Security Affairs

FEBRUARY 16, 2019

Russia plans to disconnect the country from the internet as part of an experiment aimed at testing the response to cyber attacks that should isolate it. Russia plans to conduct the country from the Internet for a limited period of time to conduct a test aimed at assessing the security of its infrastructure. and Yandex.ru

Internet

Internet Internet DNS Cyber Attacks

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Security Affairs

JULY 22, 2019

The Kazakhstan authorities issued an advisory to local Internet Service Providers (ISPs) asking them to allow their customers to access the Internet only after the installation on their devices of government-issued root certificates. SecurityAffairs – Kazakhstan, surveillance). ” states Tele2. Pierluigi Paganini.

Internet

Internet Internet Encryption Government

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. Could agents take control of my computer over the Internet if they wanted to? Those of us in the information security community had long assumed that the NSA was doing things like this.

Surveillance

Surveillance Computers and Electronics Encryption Government

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Joseph Steinberg

OCTOBER 21, 2022

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g., online chat messages going over the Internet between you and your significant other) and when it is at rest (e.g.,

Encryption

Encryption Government Artificial Intelligence Surveillance

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were employed in a surveillance campaign on a large scale, millions of users potentially impacted. ” reads the analysis published by Awake Security. The domains were found hosting several browser-based surveillance tools and malware. “Browsers have replaced Windows, MacOS, etc.

Surveillance

Surveillance Internet Internet Advertising

A consumer-grade spyware app found in check-in systems of 3 US hotels

Security Affairs

MAY 22, 2024

The security researcher Eric Daigle discovered a commercial spyware app, called pcTattletale, on the check-in systems of at least three Wyndham hotels across the US, TechCrunch first reported. Daigle discovered the commercial surveillance software on the hotel check-in systems while investigating consumer-grade spyware (aka stalkerware ).

Spyware

Spyware Surveillance Software Internet

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

According to rumors, the Polish special services are using surveillance software to spy on government opponents. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware. “We The politicians who inspired and commissioned these activities belong in prison.”

Spyware

Spyware Surveillance Hacking Government

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. Officially, Variston claims to provide custom security solutions and custom patches for embedded system. ” TAG concludes.

Spyware

Spyware Surveillance Risk Internet

Austria investigates DSIRF firm for allegedly developing Subzero spyware

Security Affairs

AUGUST 2, 2022

At the end of July, Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits.

Spyware

Spyware Surveillance Banking Hacking

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Security Affairs

FEBRUARY 10, 2022

Enjoy” How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet? Pegasus is probably the most popular surveillance software on the market, it has been developed by the Israeli NSO Group. Anyway, it is not the only one.

Spyware

Spyware Hacking Ransomware Surveillance

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire. Access control is the restricting of access to a system.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

Google: four zero-day flaws have been exploited in the wild

Security Affairs

JULY 14, 2021

The four security flaws were discovered earlier this year and affect Google Chrome, Internet Explorer, and WebKit browser engine. “We assess three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors. .

Surveillance

Surveillance Government Internet Internet

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

The threat actors gathered personal information on minority groups and potential political dissents. “The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” Reduce the number of systems that can be reached over internet using SSH.

Media

Media Accountability Telecommunications Government

IoT and Cybersecurity: What’s the Future?

Security Affairs

MAY 2, 2022

They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network. In March 2021, hackers gained access to a security company’s surveillance cameras and live-streamed those video feeds from hospitals, jails, schools, police stations, gyms, and even Tesla.

IoT

IoT Cybersecurity VPN Internet

GUEST POST: How China’s updated digital plans impacts U.S. security and diplomacy

The Last Watchdog

SEPTEMBER 7, 2021

As articulated in previous blog posts, both the BRI and DSR initiatives have been strategically positioned to facilitate secure trade and gain initial global footholds to accomplish the “Made in China 2025” goal. Those providers will be discussed in detail in the following blog.

Government

Government Internet Internet Marketing

Denmark intel helped US NSA to spy on European politicians

Security Affairs

MAY 31, 2021

Danish Defense Intelligence Service (Danish: Forsvarets Efterretningstjeneste, FE) allowed the US National Security Agency (NSA) to tap into a primary internet and telecommunications hub in Denmark, the operation allowed the US intelligence agency to spy on the communications of European politicians. ” reported the BBC.

Telecommunications

Telecommunications Surveillance Internet Internet

An Iranian group hacked Israeli CCTV cameras, defense was aware but didn’t block it

Security Affairs

DECEMBER 23, 2022

The video of the attack was a previously unseen footage and came from surveillance cameras used by a major Israeli security organization. The Moses Staff group claimed it had hacked security cameras. We’ve been surveillance [sic] you for many years, at every moment and on each step.

Hacking

Hacking Surveillance Internet Internet

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

Joseph Steinberg

JULY 13, 2022

Does Apple really believe, for example, that NSO Group and its counterparts would find it easier to remotely enable spying on users of camera-lacking non-Internet-connected flip phones than on users of modern Apple devices? Flip phones are not totally immune from government surveillance and action either.).

Cybersecurity

Cybersecurity Artificial Intelligence Government Social Engineering

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance

Surveillance Education Media Hacking

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

This was recently highlighted by blog posts from Project Zero and Github Security Lab.” ” The second campaign was spotted in December 2022 when the researchers discovered an exploit chain targeting the latest version of the Samsung Internet Browser using multiple zero-days and n-days. ” concludes the report.

Spyware

Spyware Surveillance Firmware Internet

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Ireland is a strategic place for intercontinental communications because it represents the place where undersea cables which carry internet traffic connect to Europe. Despite the Cable & Wireless bought by Vodafone in July 2012, the Nigella surveillance access point remained active as of April 2013. Source [link].

Wireless

Wireless Surveillance Telecommunications Advertising

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. “QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.” and QTS 4.4.1. “QNAP® Systems, Inc.

Ransomware

Ransomware Internet Internet Firmware

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

Many governments worldwide persecute their internal oppositions charging them with criminal activities and use strict online surveillance to track them. The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups , activists, journalists, lawyers, and dissidents.

Cybercrime

Cybercrime Surveillance Spyware Government

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Last year, the group published a detailed analysis on how the Chinese government has improved its surveillance system to detect and block the popular circumvention tools Shadowsocks and its variants. Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship.

Firewall

Firewall Surveillance Internet Internet

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance

Surveillance Authentication Telecommunications Manufacturing

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks.

Passwords

Passwords Surveillance Manufacturing Accountability

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS

DDOS Hacking Spyware Surveillance

Breaking Down User Activity Monitoring Tools: Security and HR Perspectives

SecureWorld News

JANUARY 4, 2024

This agent gathers data about the user's actions, such as keystrokes, mouse clicks, application usage, and internet activity. The information is sent to a server for analysis. From an information security department's perspective, the more data collected on employee actions, the more effectively potential incidents can be investigated.

Data collection

Data collection Artificial Intelligence Surveillance Risk

Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB’s warrantless surveillance

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Webinars

Trending Sources

NSA buys internet browsing records from data brokers without a warrant

Webinars

US NCSC and DoS share best practices against surveillance tools

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Israeli surveillance firm Candiru used Windows zero-days to deploy spyware

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Expert found Russia’s SORM surveillance equipment leaking user data

Camera tricks: Privacy concerns raised after massive surveillance cam breach

An RCE in Annke video surveillance product allows hacking the device

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

European firm DSIRF behind the attacks with Subzero surveillance malware

Google Responds to Warrants for “About” Searches

Internet disruption in Russia coincided with the introduction of restrictions

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

3.5m IP cameras exposed, with US in the lead

Russia is going to disconnect from the internet as part of a planned test

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Snowden Ten Years Later

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Hundreds of malicious Chrome browser extensions used to spy on you!

A consumer-grade spyware app found in check-in systems of 3 US hotels

Pegasus spyware used to spy on a Polish mayor

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Austria investigates DSIRF firm for allegedly developing Subzero spyware

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

Google: four zero-day flaws have been exploited in the wild

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

IoT and Cybersecurity: What’s the Future?

GUEST POST: How China’s updated digital plans impacts U.S. security and diplomacy

Denmark intel helped US NSA to spy on European politicians

An Iranian group hacked Israeli CCTV cameras, defense was aware but didn’t block it

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Google TAG shares details about exploit chains used to install commercial spyware

Russian spies are attempting to tap transatlantic undersea cables

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

A flaw in Dahua IP Cameras allows full take over of the devices

FBI warns swatting attacks on owners of smart devices

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Breaking Down User Activity Monitoring Tools: Security and HR Perspectives

Stay Connected