2020, Information Security and Surveillance

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

MARCH 22, 2020

Just yesterday I tweeted that the COVID-19 situation was going to finally make large-scale video surveillance endemic to our society. DanielMiessler) March 21, 2020. New: AI/surveillance company claims it's deploying 'coronavirus-detecting' cameras in the United States. The Real Internet of Things, January 2017.

Surveillance

Surveillance Government Education Engineering

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. from April 29, 2018, to May 10, 2020). ” reads the court document. ” The U.S.

Spyware

Spyware Surveillance Software Hacking

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

.” These searches are legal when conducted for the purpose of foreign surveillance, but the worry about using them domestically is that they are unconstitutionally broad. The very nature of these searches requires mass surveillance. The FBI does not conduct mass surveillance. The FBI does not conduct mass surveillance.

Surveillance

Surveillance Wireless Accountability Architecture

Google updates policies to ban any ads for surveillance solutions and services

Security Affairs

JULY 12, 2020

Google announced that starting from August it will update its policies to reject ads proposed by organizations offering surveillance software. The tech giant announced that the update will be effective starting from August 11, 2020. The move aims at fighting the advertising of any form of surveillance. Pierluigi Paganini.

Surveillance

Surveillance Spyware Advertising Marketing

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Security Affairs

NOVEMBER 16, 2024

Court filing revealed that NSO Group used WhatsApp exploits after the instant messaging firm sued the surveillance company. NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm. from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Malware Hacking

Surveillance vendor exploited Samsung phone zero-days

Security Affairs

NOVEMBER 9, 2022

Google Project Zero researchers reported that a surveillance vendor is using three Samsung phone zero-day exploits. Google Project Zero disclosed three Samsung phone vulnerabilities, tracked as CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370, that have been exploited by a surveillance company. ” reported the advisory.

Surveillance

Surveillance Spyware Mobile Manufacturing

Coronavirus-themed attacks April 12 – April 18, 2020

Security Affairs

APRIL 19, 2020

This post includes the details of the Coronavirus-themed attacks launched from April 12 to April 18, 2020. Consumer reports received since January 2020 revealed that that approximately $12 million were lost due to Coronavirus-related scams, FTC says. Coronavirus-themed attacks April 05 – April 11, 2020. Pierluigi Paganini.

Scams

Scams Malware Phishing Surveillance

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. CVE-2020-9907 internally referred to as AveCesare. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream. as a zero-day.

Surveillance

Surveillance Spyware Government Hacking

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

The IT giant fears that the disclosures of its threat intelligence related to commercial spyware operations could aid NSO and other surveillance firms. “Apple’s teams work tirelessly to protect the critical threat-intelligence information that Apple uses to protect its users worldwide. ” reads the court filing.

Surveillance

Surveillance Spyware Risk Hacking

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Security Affairs

FEBRUARY 8, 2021

Iran-linked APT group Domestic Kitten, also tracked as APT-C-50, has been conducting widespread surveillance targeting over 1,000 individuals. Both groups have conducted long-running cyber-attacks and intrusive surveillance campaigns, which target both individuals’ mobile devices and personal computers.” Pierluigi Paganini.

Surveillance

Surveillance Mobile Malware Cyber Attacks

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire. Access control is the restricting of access to a system.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

billion in 2020 and will grow to $16.1 Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018. But they have more disadvantages than benefits if we talk about ensuring information security. billion by 2025. Yes, they are cheap to apply.

Marketing

Marketing Software Surveillance Information Security

Anomaly Six, a US surveillance firm that tracks roughly 3 billion devices in real-time

Security Affairs

APRIL 26, 2022

An interesting article published by The Intercept reveals the secretive business of a US surveillance firm named Anomaly Six. While Russia was invading Ukraine in February, two unknown surveillance startups, Anomaly Six and Zignal Labs joined forces to provide powerful surveillance services. Motherboard reported that U.S.

Surveillance

Surveillance Mobile Government Media

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity. .

Surveillance

Surveillance Malware Spyware Accountability

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

Privacy Shield framework in 2020. This breach involved highly sensitive information, including criminal records and medical details, marking it as one of the largest GDPR fines specifically tied to cross-border data transfers. government surveillance. Billion ($1.4 After the invalidation of the EU-U.S.

Data privacy

Data privacy Risk Surveillance Government

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication Accountability

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking

Hacking Ransomware Banking Accountability

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant. from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Architecture Software

Experts released PoC exploit code for a critical RCE in QNAP NAS devices

Security Affairs

APRIL 13, 2021

The exploit code for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system is available online. “A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. . and 5.1.5.3.2.

Surveillance

Surveillance Hacking Information Security Malware

Zero-day exploit used to hack iPhones of Al Jazeera employees

Security Affairs

DECEMBER 21, 2020

The attackers used an exploit chain named Kismet that was part of the arsenal of the controversial Pegasus spyware that is sold by the surveillance firm NSO Group. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 ” reads the report published by the researchers. and could hack Apple’s then-latest iPhone 11.

Hacking

Hacking Surveillance Spyware Government

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively.

Malware

Malware Surveillance Phishing Government

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs

OCTOBER 5, 2023

“The document said the exploit worked for Android versions 9 to 11, which was released in 2020, and that it took advantage of a flaw in the “image rendering library.” In 2020 and 2021, WhatsApp fixed three vulnerabilities — CVE-2020-1890, CVE-2020-1910, and CVE-2021-24041— that all involved how the app processes images.

Mobile

Mobile Marketing Spyware Surveillance

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

OCTOBER 11, 2021

. “The Togolese activist, who wishes to remain anonymous for security reasons, has a history of working with civil society organizations and is an essential voice for human rights in the country. The company denied any involvement in the surveillance campaign attributed to the Donot Team APT.

Spyware

Spyware Surveillance Accountability Mobile

New zero-click exploit used to target Bahraini activists’ iPhones with NSO spyware

Security Affairs

AUGUST 24, 2021

The iPhones of nine activists, including members of the Bahrain Center for Human Rights , Waad , Al Wefaq , were infected with Pegasus spyware as part of a surveillance operation likely orchestrated by a threat actor tracked as LULU and attributed with high confidence to the government of Bahrain. ” concludes the report.

Spyware

Spyware Surveillance Hacking Mobile

Google: four zero-day flaws have been exploited in the wild

Security Affairs

JULY 14, 2021

The vulnerabilities were exploited in three different campaigns analyzed by the researchers, it is interesting to note that three out of four exploits were developed by the same surveillance firm, The fourth exploit ( CVE-2021-1879 ) was likely developed by a Russia-linked APT group. ” reads the post published by Google.

Surveillance

Surveillance Government Internet Internet

US pharmacy Rite Aid banned from operating facial recognition systems

Malwarebytes

DECEMBER 21, 2023

The regulator found so many flaws in the retailer’s surveillance program that it concluded Rite Aid had failed to implement reasonable procedures and prevent harm to consumers in its use of facial recognition technology in hundreds of stores. Notify consumers when their biometric information is used.

Surveillance

Surveillance Technology Retail Artificial Intelligence

Lorenz ransomware gang stolen files from defense contractor Hensoldt

Security Affairs

JANUARY 14, 2022

Hensoldt AG focuses on sensor technologies for protection and surveillance missions in the defence, security and aerospace sectors. The defense multinational develops sensor solutions for defense, aerospace, and security applications, is listed on the Frankfurt Stock Exchange, its revenue was 1.2 billion euros in 2020.

Ransomware

Ransomware Surveillance Mobile Encryption

Slovak police found wiretapping devices connected to the Govnet government network

Security Affairs

JUNE 10, 2020

“According to information from Denník N, the police seized suspicious equipment on individual servers from the environment of law enforcement agencies.” the Head of the NASES Surveillance Center Ján K., Security Section of the Office of the Deputy Prime Minister for investment and informatization Jan M.

Government

Government Surveillance Advertising Internet

Necro botnet now targets Visual Tools DVRs

Security Affairs

OCTOBER 12, 2021

Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems. This version of the Necro botnet also includes exploits for the following vulnerabilities: CVE-2020-15568 – TerraMaster TOS before 4.1.29

DDOS

DDOS Surveillance Hacking Internet

APT32 state hackers target human rights defenders with spyware

Security Affairs

FEBRUARY 24, 2021

Vietnam-linked APT32 group targeted Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. “This unlawful surveillance violates the right to privacy and stifles freedom of expression.” The threat actors used by spyware to take over the target systems, spy on the victims, and exfiltrate data.

Spyware

Spyware Government Surveillance Phishing

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. The initial charges are for previous hacking activities as the they date from September 2020.

Identity Theft

Identity Theft Computers and Electronics Surveillance Hacking

Cisco addresses three high-severity issues in Webex, IP Cameras and ISE

Security Affairs

OCTOBER 9, 2020

Cisco fixed three high-severity flaws in Webex video conferencing system, Video Surveillance 8000 Series IP Cameras and Identity Services Engine. The most severe of these vulnerabilities is a Remote Code Execution and Denial of Service issue in Cisco’s Video Surveillance 8000 Series IP Cameras. received a CVSS score of 8.8

Surveillance

Surveillance Engineering Advertising Authentication

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Security Affairs

NOVEMBER 24, 2021

Apple has filed suit to ban the Israeli surveillance firm NSO Group and parent company Q Cyber Technologies from using its product and services. federal court for illegally targeting its customers with the surveillance spyware Pegasus. Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S.

Spyware

Spyware Surveillance Software Hacking

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Security Affairs

DECEMBER 4, 2022

” Privacy advocates are raising the alarm on surveillance activities operated by law enforcement by collecting data from connected systems in modern cars. “New cars are surveillance on wheels, sending sensitive passenger data to carmakers and police. ” continues Forbes.

Surveillance

Surveillance Technology Hacking Mobile

Swedish data protection authority rules against the use of Google Analytics

Security Affairs

JULY 5, 2023

Swedish data protection watchdog warns companies against using Google Analytics due to the risk of surveillance operated by the US government. The Swedish data protection watchdog warned businesses against using Google Analytics due to the risk of surveillance carried out by the US government.

Surveillance

Surveillance Government Risk Hacking

USCYBERCOM: MuddyWater APT is linked to Iran’s MOIS intelligence

Security Affairs

JANUARY 13, 2022

.” “MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS). According to the Congressional Research Service, the MOIS “conducts domestic surveillance to identify regime opponents.

Surveillance

Surveillance Malware Telecommunications Hacking

Apple fixes actively exploited FORCEDENTRY zero-day flaws

Security Affairs

SEPTEMBER 13, 2021

The iPhones of nine activists, including members of the Bahrain Center for Human Rights , Waad , Al Wefaq , were infected with Pegasus spyware as part of a surveillance operation likely orchestrated by a threat actor tracked as LULU and attributed with high confidence to the government of Bahrain. “We which confirmed they were investigating.”

Spyware

Spyware Surveillance Hacking Mobile

Baidu Android apps removed from Play Store because caught collecting user details

Security Affairs

NOVEMBER 24, 2020

Experts pointed out that while some of the collected information is “rather harmless,” data like the IMSI code can be potentially used to carry out malicious activities such as SIM Swapping attacks and surveillance. 19, 2020, while Baidu Maps remains unavailable globally.”

Data collection

Data collection Mobile Spyware Surveillance

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

JUNE 22, 2020

In October 2019, security experts at Amnesty International’s Security Lab have uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools. reads the analysis published by Amnesty International in October. .

Spyware

Spyware Surveillance Mobile Advertising

Al Jazeera detected and blocked disruptive cyberattacks

Security Affairs

JUNE 11, 2021

” In December 2020, researchers from Citizen Lab reported that at least 36 employees of the Qatari news channel were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. .” Such attacks only increase Al Jazeera’s resolve to continue its bold and exemplary journalism.”

Cyber Attacks

Cyber Attacks Media Hacking Spyware

Security Affairs newsletter Round 286

Security Affairs

OCTOBER 18, 2020

VPN

VPN Surveillance Advertising Ransomware

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

The Assembly would set up a committee of international experts in 2020 that will be tasked with elaborating “a comprehensive international convention on countering the use of information and communications technologies for criminal purposes.”

Cybercrime

Cybercrime Surveillance Spyware Government

Russian national indicted for attempting to recruit Tesla employee to install malware

Security Affairs

SEPTEMBER 7, 2020

— Elon Musk (@elonmusk) August 27, 2020. The malware would provide Kriuchkov and co-conspirators, the malicious code was specifically designed to steal information from Tesla. The employee had more meetings with Kriuchkov that were surveilled by the FBI. Much appreciated. This was a serious attack.

Malware

Malware Advertising Surveillance Hacking

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Trending Sources

Google Responds to Warrants for “About” Searches

Google updates policies to ban any ads for surveillance solutions and services

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Surveillance vendor exploited Samsung phone zero-days

Coronavirus-themed attacks April 12 – April 18, 2020

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Israeli surveillance firm QuaDream emerges from the dark

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

Anomaly Six, a US surveillance firm that tracks roughly 3 billion devices in real-time

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Increased GDPR Enforcement Highlights the Need for Data Security

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Experts released PoC exploit code for a critical RCE in QNAP NAS devices

Zero-day exploit used to hack iPhones of Al Jazeera employees

Operation Spalax, an ongoing malware campaign targeting Colombian entities

A WhatsApp zero-day exploit can cost several million dollars

Donot Team targets a Togo prominent activist with Indian-made spyware

New zero-click exploit used to target Bahraini activists’ iPhones with NSO spyware

Google: four zero-day flaws have been exploited in the wild

US pharmacy Rite Aid banned from operating facial recognition systems

Lorenz ransomware gang stolen files from defense contractor Hensoldt

Slovak police found wiretapping devices connected to the Govnet government network

Necro botnet now targets Visual Tools DVRs

APT32 state hackers target human rights defenders with spyware

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Cisco addresses three high-severity issues in Webex, IP Cameras and ISE

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Swedish data protection authority rules against the use of Google Analytics

USCYBERCOM: MuddyWater APT is linked to Iran’s MOIS intelligence

Apple fixes actively exploited FORCEDENTRY zero-day flaws

Baidu Android apps removed from Play Store because caught collecting user details

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Al Jazeera detected and blocked disruptive cyberattacks

Security Affairs newsletter Round 286

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Russian national indicted for attempting to recruit Tesla employee to install malware

Stay Connected