2019, Information Security and Surveillance

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant. from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Architecture Software

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Earlier this month, German authorities have raided the offices of FinFisher, the German surveillance software firm, accused of providing its software to oppressive regimes. The post German authorities raid the offices of the FinFisher surveillance firm appeared first on Security Affairs. Pierluigi Paganini.

Surveillance

Surveillance Spyware Software Advertising

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream.

Surveillance

Surveillance Spyware Government Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. List of installed packages. Call logs and geocoded location associated with the call. .

Surveillance

Surveillance Spyware Malware Mobile

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. One of the officials targeted with the infamous spyware there is Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019. Pierluigi Paganini.

Surveillance

Surveillance Software Spyware Hacking

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Then the attackers asked the victims to enable the installation of apps from unknown sources.

Surveillance

Surveillance Mobile Spyware Telecommunications

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Spyware

Spyware Surveillance Telecommunications Mobile

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

We are proud to announce the Duo has achieved ISO 27001:2013, 27017:2015, and 27018:2019 certification! What is ISO 27001:2013, 27017:2015 and 27018:2019? An ISO 27000 series certification is valid for three years and requires an annual surveillance audit to ensure continued compliance for the lifespan of the certification.

Manufacturing

Manufacturing Surveillance CISO Information Security

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Security Affairs

APRIL 8, 2020

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. In May, Facebook has patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device.

Surveillance

Surveillance Spyware Advertising Government

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

Security Affairs

NOVEMBER 19, 2019

Experts found multiple flaws (CVE-2019-2234) in the Android camera apps provided by Google and Samsung that could allow attackers to spy on users. SecurityAffairs – Android, CVE-2019-2234). The post CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance appeared first on Security Affairs.

Surveillance

Surveillance Manufacturing Advertising IoT

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

Security Affairs

MARCH 5, 2024

The surveillance software was also used to spy on U.S. Surveillance software was misused by foreign actors in attacks aimed at dissidents and journalists around the world. Predator spyware is known for its extensive data-stealing and surveillance capabilities. government officials, journalists, and policy experts.

Spyware

Spyware Surveillance Government Technology

In Search of… ISO 27001:2013, 27017:27017 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

We are proud to announce the Duo has achieved ISO 27001:2013, 27017:2015, and 27018:2019 certification! What is ISO 27001:2013, 27017:27017 and 27018:2019? An ISO 27000 series certification is valid for three years and requires an annual surveillance audit to ensure continued compliance for the lifespan of the certification.

Manufacturing

Manufacturing Surveillance Information Security

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

Security Affairs

MAY 20, 2019

Amnesty International filed a lawsuit against Israeli surveillance firm NSO and fears its staff may be targeted by the company with its Pegasus spyware. The name NSO Group made the headlines last week after the disclosure of the WhatsApp flaw exploited by the company to remotely install its surveillance software.

Surveillance

Surveillance Spyware Software Government

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

Security Affairs

OCTOBER 30, 2019

WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists. WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. link] — Will Cathcart (@wcathcart) October 29, 2019.

Surveillance

Surveillance Technology Spyware Mobile

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

We are proud to announce the Duo has achieved ISO 27001:2013, 27017:2015, and 27018:2019 certification! What is ISO 27001:2013, 27017:2015 and 27018:2019? An ISO 27000 series certification is valid for three years and requires an annual surveillance audit to ensure continued compliance for the lifespan of the certification.

Manufacturing

Manufacturing Surveillance CISO Information Security

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215 , in Android. ” reads a blog post published by Stone.

Surveillance

Surveillance Advertising Marketing Encryption

Unsupervised Learning: No. 233

Daniel Miessler

JUNE 15, 2020

vs. China, Hawkey Surveillance, COVID in August 2019, IBM Facial PR, Palantir NHS, Blockchain Misinformation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. THIS WEEK’S TOPICS: SMBleed, Republicans. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —.

Surveillance

Surveillance Technology Information Security

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

According to rumors, the Polish special services are using surveillance software to spy on government opponents. According to the Gazeta Wyborcza daily, the spyware was used to spy on the phone of Jacek Karnowski, mayor of the city of Sopot, in 2018-2019.

Spyware

Spyware Surveillance Hacking Government

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Security Affairs

APRIL 19, 2022

The experts speculate the HOMAGE exploit was used since the last months of 2019, and involved an iMessage zero-click component that launched a WebKit instance in the com.apple.mediastream.mstreamd process, following a com.apple.private.alloy.photostream lookup for a Pegasus email address. .

Spyware

Spyware Surveillance Government Software

Researchers analyzed the PREDATOR spyware and its loader Alien

Security Affairs

MAY 29, 2023

Security researchers at Cisco Talos and the Citizen Lab have shared technical details about a commercial Android spyware named Predator that is sold by the surveillance firm Intellexa (formerly known as Cytrox). The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox.

Spyware

Spyware Surveillance Media Malware

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

SEPTEMBER 19, 2021

The trio has worked as hackers-for-hire for the United Arab Emirates cybersecurity company DarkMatter between January 2016 and November 2019. ExpressVPN published an official response that confirmed the accusation of the DoJ but that pointed out that the experts took part to the Project Raven before he joined to the company in 2019.

Surveillance

Surveillance VPN Hacking Cybersecurity

Facebook vs NSO Group lawsuit: 1,400+ users were targeted with Pegasus spyware

Security Affairs

APRIL 25, 2020

The legal dispute between Facebook and NSO group continues even after the Israeli surveillance firm filed a motion to dismiss the case earlier this month. Now both companies are providing technical details requested by the cyber-security experts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware

Spyware Surveillance Advertising Mobile

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

OCTOBER 11, 2021

The attacks on the Togolese activists started in December 2019 and lasted two months. “The Togolese activist, who wishes to remain anonymous for security reasons, has a history of working with civil society organizations and is an essential voice for human rights in the country. ” reads the post published by Amnesty.

Spyware

Spyware Surveillance Accountability Mobile

Researcher released PoC exploit code for CVE-2019-2215 Android zero-day flaw

Security Affairs

OCTOBER 18, 2019

A researcher has published a proof-of-concept (PoC) exploit code for the CVE-2019-2215 zero-day flaw in Android recently addressed by Google. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215, in Android. SecurityAffairs – CVE-2019-2215, zero-day).

Advertising

Advertising Surveillance Security Defenses Marketing

Zero-day exploit used to hack iPhones of Al Jazeera employees

Security Affairs

DECEMBER 21, 2020

The attackers used an exploit chain named Kismet that was part of the arsenal of the controversial Pegasus spyware that is sold by the surveillance firm NSO Group. ” The KISMET exploit chain doesn’t work against iOS 14 and above because the new mobile iOS implements additional security protections.

Hacking

Hacking Surveillance Spyware Government

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Experts from Amnesty International uncovered a surveillance campaign that targeted Egyptian civil society organizations with a new version of FinSpy spyware. The mobile version of the surveillance software in the first stage of the infection leverages the exploits to get root access. ” reads the Amnesty’s report.

Spyware

Spyware Surveillance Mobile Advertising

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Security Affairs

MAY 14, 2019

Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device. The bad news is that experts are aware of attacks exploiting the WhatsApp zero-day to deliver surveillance software.

Spyware

Spyware Surveillance Mobile Software

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

Security Affairs

SEPTEMBER 15, 2021

The trio has worked as hackers-for-hire for the United Arab Emirates cybersecurity company DarkMatter between January 2016 and November 2019. ” DOJ also ordered the former intelligence employees to cooperate with the relevant department and FBI components; they are also condemned to a lifetime ban on future US security clearances.

Surveillance

Surveillance Hacking Government Cybersecurity

Stealth Soldier backdoor used is targeted espionage attacks in Libya

Security Affairs

JUNE 9, 2023

Stealth Soldier is surveillance software that allows operators to spy on the victims and exfiltrate collected data. The researchers noticed that the Stealth Soldier infrastructure has some overlaps with infrastructure the The Eye on the Nile , a campaign that targeted journalists and human rights activists in Egypt in 2019.

Surveillance

Surveillance Malware Social Engineering Engineering

US whistleblower Edward Snowden received permanent residency by Russian authorities

Security Affairs

OCTOBER 23, 2020

In 2013, Edward Snowden shed the light on the mass surveillance program operated by the US government to spy on its citizens and allies. The man expressed his desire to return to the United States where he is considered a criminal and a threat to homeland security due to his revelation.

Surveillance

Surveillance Advertising Hacking Government

Iran-linked APT42 is behind over 30 espionage attacks

Security Affairs

SEPTEMBER 11, 2022

The campaigns have been conducted since 2015 and are aimed at conducting information collection and surveillance operations against individuals and organizations of strategic interest to Teheran. ” The surveillance operations conducted by the APT group involved the distribution of Android malware such as VINETHORN and PINEFLOWER.

Surveillance

Surveillance Social Engineering Phishing Government

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

As a result, The majority of businesses (55 percent) are using some sort of a tool to monitor for insider threats; including data leak prevention (DLP) software (54 percent), user behavior analytics (UBA) software (50 percent), and employee monitoring and surveillance (47 percent). Yes, they are cheap to apply. They can be dynamic.

Marketing

Marketing Software Surveillance Information Security

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Security Affairs

DECEMBER 4, 2022

” Privacy advocates are raising the alarm on surveillance activities operated by law enforcement by collecting data from connected systems in modern cars. “New cars are surveillance on wheels, sending sensitive passenger data to carmakers and police.

Surveillance

Surveillance Technology Mobile Hacking

Trump secretly ordered cyber attacks against Iran missile systems

Security Affairs

JUNE 23, 2019

The United States launched a series of cyber attacks on Iran after the Iranian military has downed an American surveillance drone. The military response to Iran, after the Iranian army has downed an American surveillance drone, started from the cyberspace. Trump (@realDonaldTrump) June 22, 2019. — Donald J.

Cyber Attacks

Cyber Attacks Surveillance Advertising Government

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

JUNE 22, 2020

In October 2019, security experts at Amnesty International’s Security Lab have uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools. ” reads the report published by Amnesty International.

Spyware

Spyware Surveillance Mobile Advertising

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Media

Media Accountability Telecommunications Government

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. ” reads the press release published by DoJ.

Identity Theft

Identity Theft Computers and Electronics Surveillance Hacking

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. Pierluigi Paganini.

Malware

Malware Surveillance Phishing Government

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

Many governments worldwide persecute their internal oppositions charging them with criminal activities and use strict online surveillance to track them. The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups , activists, journalists, lawyers, and dissidents.

Cybercrime

Cybercrime Surveillance Spyware Government

Security Affairs newsletter Round 241

Security Affairs

NOVEMBER 24, 2019

The best news of the week with Security Affairs. Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365. Tianfu Cup 2019 – 11 teams earned a total of 545,000 for their Zero-Day Exploits. CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance.

Data breaches

Data breaches Wireless Banking Advertising

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

In 2015, the hacker who breached the systems of the Italian surveillance firm Hacking Team leaked a 400GB package containing hacking tools and exploits codes. Kaspersky researchers revealed to have found MosaicRegressor components at several dozen entities between 2017 and 2019.

Firmware

Firmware Spyware Surveillance Hacking

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Last year, the group published a detailed analysis on how the Chinese government has improved its surveillance system to detect and block the popular circumvention tools Shadowsocks and its variants. ” reads the paper published by the experts. Great Firewall Report experts revealed that recent versions of Shadowsocks (3.3.1

Firewall

Firewall Surveillance Internet Internet

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Evidence collected demonstrated that attackers exploited the CVE-2019-8506 flaw to execute malicious code in Safari. .” The iOS exploit chain used a framework based on Ironsquirrel to encrypt exploits delivered to the visitor’s browser. Google researchers pointed out that they were not able to retrieve the complete iOS chain.

Malware

Malware Media Surveillance Encryption

Iran denies attack against its infrastructure has ever succeeded

Security Affairs

JUNE 25, 2019

Last week, media reported that the United States has launched a series of cyber attacks on Iran after the Iranian military has downed an American surveillance drone. link] — Al Jazeera News (@AJENews) June 24, 2019. surveillance drone, according to people familiar with the matter.” reported The Washington Post.

Surveillance

Surveillance Cyber Attacks Telecommunications Media

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

German authorities raid the offices of the FinFisher surveillance firm

Webinars

Trending Sources

Israeli surveillance firm QuaDream emerges from the dark

Webinars

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

EU officials were targeted with Israeli surveillance software

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

In Search of… ISO 27001:2013, 27017:27017 & 27018:2019 Certification

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Unsupervised Learning: No. 233

Pegasus spyware used to spy on a Polish mayor

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Researchers analyzed the PREDATOR spyware and its loader Alien

Why Edward Snowden is urging users to stop using ExpressVPN?

Facebook vs NSO Group lawsuit: 1,400+ users were targeted with Pegasus spyware

Donot Team targets a Togo prominent activist with Indian-made spyware

Researcher released PoC exploit code for CVE-2019-2215 Android zero-day flaw

Zero-day exploit used to hack iPhones of Al Jazeera employees

Unknown FinSpy Mac and Linux versions found in Egypt

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

Stealth Soldier backdoor used is targeted espionage attacks in Libya

US whistleblower Edward Snowden received permanent residency by Russian authorities

Iran-linked APT42 is behind over 30 espionage attacks

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Trump secretly ordered cyber attacks against Iran missile systems

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Operation Spalax, an ongoing malware campaign targeting Colombian entities

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs newsletter Round 241

Second-ever UEFI rootkit used in North Korea-themed attacks

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Iran denies attack against its infrastructure has ever succeeded

Stay Connected