Schneier on Security

JANUARY 17, 2019

Zerodium -- and others -- sell exploits to companies who make surveillance tools and cyber-weapons for governments. Many companies have bug bounty programs for those who want the exploit used for defensive purposes -- i.e., fixed -- but they pay orders of magnitude less. Note that these prices are for offensive uses of the exploit.

Marketing 207

Marketing Surveillance Government Software 207

Security Affairs

OCTOBER 11, 2021

.” Threat actors used WhatsApp messages to spread the malware, the account was associated with an Indian phone number that’s registered in the state of Jammu and Kashmir.Once installed, the spyware would allow attackers to take over the device, controlling camera and microphone, access to sensitive information stored on the devices (i.e.

Spyware 85

Spyware Surveillance Accountability Mobile 85

Security Affairs

FEBRUARY 11, 2021

Since 2018, the hackers started targeting mobile users with an Android surveillance malware ChatSpy. ” Both malware can exfiltrate a wide range of data, including Call logs, Contacts, Device metadata (i.e. ” Both malware can exfiltrate a wide range of data, including Call logs, Contacts, Device metadata (i.e.

Spyware 110

Spyware Surveillance Malware Mobile 110

CyberSecurity Insiders

MAY 27, 2021

For instance, the latest surveillance program of China came into the media limelight in 2020 where it was learned that the country was keeping a large section of people under the watchful eye of big brother to curtail crime using Artificial Intelligence.

Artificial Intelligence 94

Artificial Intelligence Surveillance Government Technology 94

Security Affairs

FEBRUARY 9, 2023

China Mobile and China Unicom), even though they do not provide any service to the device (i.e. The experts pointed out that also users that leave the country are exposed to surveillance, through the pre-installed software. The researchers also compared the preinstalled system apps on the Chinese (CN) and Global (e.g.,

Mobile 98

Mobile Malware Surveillance Spyware 98

Daniel Miessler

SEPTEMBER 4, 2020

Shoshana Zuboff came out with a brilliant work called Surveillance Capitalism a while back, which I reviewed here. It’s not tech that’s the problem, and it’s not capitalism’s final bosses, i.e. monopolies. I highly recommend it. The problem is much worse—human desire combined with progress. A triviality.

Surveillance 130

Surveillance Technology Government Healthcare 130

Security Affairs

MARCH 30, 2019

According to Motherboard, the Android surveillance malware on the Google Play store that was sold to the Italian government by a company that sells surveillance cameras. This company is not known to produce malware, and if confirmed this is the first surveillance software associated with it. ” continues the report.

Government 89

Government Malware Spyware Surveillance 89

Security Affairs

OCTOBER 12, 2021

Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems. dev/campaign.js ’ and injects this on the scripts and now it uses the DGA for its url, i.e., ‘DGA_DOMAIN/campaign.js’.

DDOS 95

DDOS Surveillance Hacking Internet 95

Security Affairs

APRIL 13, 2022

The experts discovered the issues while deploying the TUG autonomous mobile robots in a hospital, they noticed an anomalous HTTP network traffic of an elevator to a server containing information about the hospital (i.e. map of the building), the status of the robots, video and pictures collected by the TUG systems, and more.

Mobile 130

Mobile Hacking Firmware Surveillance 130

IT Security Guru

SEPTEMBER 9, 2021

Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance by its customers following a data leak. .

Mobile 61

Mobile Surveillance Architecture Government 61

Security Affairs

NOVEMBER 26, 2021

The APT C-23 cyberespionage group (also known as GnatSpy, FrozenCell, or VAMP) continues to target entities in the Middle East with enhanced Android spyware masqueraded as seemingly harmless app updates (i.e. AndroidUpdate,, Telegram). The spyware is delivered to specific users via SMS text messages containing download links.

Spyware 94

Spyware Social Engineering Surveillance Engineering 94

Security Affairs

JUNE 12, 2022

The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. access control, video surveillance and mobile credentialing) owned by HVAC giant Carrier. The vulnerabilities were disclosed during the Hardwear.io

Firmware 87

Firmware Penetration Testing Manufacturing Authentication 87

The Last Watchdog

SEPTEMBER 18, 2018

Typical unstructured data includes a long list of files—emails, Word docs, social media, text files, job applications, text messages, digital photos, audio and visual files, spreadsheets, presentations, digital surveillance, traffic and weather data, and more. The main difference between the two is organization and analysis.

Unstructured Data 158

Unstructured Data Ransomware Encryption Technology 158

Security Affairs

JULY 9, 2022

” The recent wave of sophisticated attacks against Apple users (i.e. Apple plans to introduce a security feature, called Lockdown Mode , to protect its users against “highly targeted cyberattacks.”

Spyware 119

Spyware Mobile Hacking Technology 119

Security Affairs

APRIL 29, 2019

.” In response to user privacy concerns, the airline decided to cover every camera in entertainment systems, but pointed out that their purpose was not the surveillance of the passengers. The company explained that the presence of the cameras could open for future applications for business and entertainment (i.e.

Manufacturing 64

Manufacturing Advertising Surveillance Technology 64

CyberSecurity Insiders

JULY 22, 2021

Chine Foreign Ministry has issued a public statement condemning the distribution and usage of Pegasus Spyware surveillance software by various countries. Now, to those uninitiated, Israel-based NSO Group developed Pegasus surveillance software that was meant for government organizations to spy on criminal suspects.

Surveillance 145

Surveillance Spyware Software Government 145

Adam Levin

OCTOBER 24, 2018

Meanwhile, the dings and indignities visited on the surveillance economy (i.e., The by now familiar privacy fails at Facebook (think: Cambridge Analytica) and Google (think: the most secretive company on Earth), have not touched Amazon, which has yet to have any epic fails, or even much in the way of mass consumer grumbling.

Advertising 152

Advertising Retail Surveillance Insurance 152

SecureWorld News

AUGUST 8, 2022

Remcos, short for Remote Control and Surveillance, was leveraged by malicious cyber actors conducting mass phishing campaigns during the COVID-19 pandemic to steal personal data and credentials. Maintain offline (i.e., Qakbot can also be used to form botnets. Remcos installs a backdoor onto a target system. Enforce MFA.

Malware 80

Malware Banking Penetration Testing Healthcare 80

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Pierluigi Paganini.

Surveillance 127

Surveillance Mobile Spyware Malware 127

Malwarebytes

JANUARY 26, 2022

“Google also uses dark patterns in ‘in-product’ prompts to enable Google Account settings—i.e., “The truth is that contrary to Google’s representations it continues to systematically surveil customers and profit from customer data.”

Accountability 100

Accountability Surveillance Mobile Advertising 100

Security Affairs

SEPTEMBER 12, 2019

The scary part of the story is that a private surveillance firm was aware of the zero-day flaw since at least two years and is actively exploiting the SimJacker vulnerability to spy on mobile users in several countries. Since S@T Browser implements a series of STK instructions (i.e.

Hacking 108

Hacking Mobile Spyware Manufacturing 108

Security Affairs

JULY 28, 2018

The social media giant was restricting the access to its application programming interfaces (APIs) that allows developers to automate the interactions with the platform (i.e. . — jack (@jack) March 1, 2018. Tweet posting).

Advertising 48

Advertising Accountability Surveillance Media 48

Security Affairs

JULY 22, 2022

The spyware developed by Israeli surveillance firm Candiru exploited recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. The post Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists appeared first on Security Affairs. stylishblock[.]com). ” concludes the report.

Spyware 91

Spyware Surveillance Antivirus Malware 91

DoublePulsar

APRIL 20, 2023

Here’s a writeup from Kroll on a typical Black Basta incident: Qakbot has been around for many years, and is under heavy surveillance by both commercial CTI providers and independent security researchers. They will investigate “IT incidents” and unclear “cyber incidents”… as they might be something interesting, i.e. not ransomware.

Ransomware 124

Ransomware Government Data breaches Marketing 124

Security Affairs

SEPTEMBER 28, 2019

The scary part of the story is that a private surveillance firm was aware of the zero-day flaw since at least two years and is actively exploiting the SimJacker vulnerability to spy on mobile users in several countries. language, radio type, battery level, etc.).

Hacking 90

Hacking Mobile Risk Advertising 90

Privacy and Cybersecurity Law

JULY 26, 2021

How did the Garante quantify the administrative sanction? Unlike other European data protection authorities, the Garante has not adopted a methodology for quantifying the sanctions to be applied for violations of data protection legislation.

Retail 52

Retail Surveillance Data collection Technology 52

Notice Bored

OCTOBER 14, 2021

typically using specified encryption schemes (i.e. One way flows or a mutual, bilateral or multilateral exchange of information. Formal business reporting between the organisation and some third party, such as the external auditors, stockholders, banks or authorities. Encryption of data and/or of network links, storage media etc.

Information Security 56

Information Security Risk Media Encryption 56

Krebs on Security

JUNE 17, 2020

The CIA produced the report in October 2017, roughly seven months after Wikileaks began publishing Vault 7 — reams of classified data detailing the CIA’s capabilities to perform electronic surveillance and cyber warfare. more compartmentalizing) to keep them from becoming a serious security liability.

Data breaches 292

Data breaches Security Awareness Surveillance Media 292

McAfee

MAY 20, 2021

This subject has become increasingly important following the Schrems II decision and its requirement that organizations when processing personal data must ensure their privacy is not put at risk and subject to governmental surveillance when shared across borders. While localisation does offer some protections (i.e. 6] [link]. [7]

Surveillance 60

Surveillance VPN Internet Internet 60

CyberSecurity Insiders

MARCH 15, 2021

Unfortunately, the servers operating at the smart city project were targeted by a ransomware attack on February 26th,2021 resulting in severe losses to the company managing the project i.e. Tech Mahindra.

Ransomware 65

Ransomware Surveillance Technology Encryption 65

Security Affairs

DECEMBER 2, 2022

Naturally, threat actors follow the trend and exploit the technology for surveillance, payload delivery, kinetic operations, and even diversion. Further considerations must be taken to secure onboard storage of the drone, ensure routes drones travel are relatively safe (i.e., free from obstacles, sparsely populated, etc.)

Cybersecurity 133

Cybersecurity Wireless Computers and Electronics Penetration Testing 133

Security Affairs

OCTOBER 12, 2019

Since S@T Browser implements a series of STK instructions (i.e. Adaptive Mobile revealed that a private surveillance firm was aware of the zero-day flaw since at least two years and is actively exploiting the SimJacker vulnerability to spy on mobile users in several countries. ” read a FAQs page published by the experts.

Mobile 108

Mobile Surveillance Technology Advertising 108

SecureList

JANUARY 20, 2022

Finally, the user mode malware reaches out to a hardcoded C&C URL (i.e. While previous UEFI firmware compromises (i.e. It’s worth noting that most of the ScrambleCross shellcodes (loaded by both StealthMutant and StealthVector) reached out to the same server (i.e. hxxp://mb.glbaitech[.]com/mboard.dll) ns.glbaitech[.]com)

Firmware 144

Firmware Malware Encryption Passwords 144

Malwarebytes

DECEMBER 1, 2021

Provides account (i.e. User activity on WeChat has been known to be analyzed, tracked and shared with Chinese authorities upon request as part of the mass surveillance network in China. This means that the encryption keys are stored only on the clients themselves and no one, not even Viber itself, has access to them.

Encryption 145

Encryption Computers and Electronics Backups Accountability 145

Notice Bored

JUNE 23, 2022

The wording implies a neat binary measure i.e. each control is either implemented or not implemented. 27003 tells us the RTP can include other useful content i.e.: Risk owner(s); Casually hinting at what can be a very useful governance approach and risk management mechanism - except the hint is so subtle as to be easily overlooked.

Risk 63

Risk Architecture Accountability InfoSec 63

Security Affairs

NOVEMBER 29, 2019

One of the trends related to the active confrontation between attackers has been hacking back, i.e. when attackers become the victims of hacking. If they manage to compromise a telecommunications company, they can then also compromise its customers for surveillance or sabotage purposes. Internet destabilization at state level.

Banking 82

Banking Telecommunications Marketing Internet 82

McAfee

DECEMBER 9, 2019

The EU Parliament argues that “the establishment of an ecosystem of trust in the development of AI technologies should be based on an appropriate data processing framework,” which implies full respect of the EU legal framework in concerning the protection of personal data, i.e., the GDPR.

Artificial Intelligence 57

Artificial Intelligence Cybersecurity Consumer Protection Marketing 57