Security Affairs

FEBRUARY 6, 2022

One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream. as a zero-day.

Surveillance 98

Surveillance Spyware Government Hacking 98

WIRED Threat Level

DECEMBER 24, 2021

It was a year of ransomware, surveillance, data breaches, and yes, more ransomware.

Surveillance 110

Surveillance Hacking Data breaches Ransomware 110

Naked Security

AUGUST 17, 2021

Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online.

Surveillance 141

Surveillance Hacking Internet Internet 141

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. 26 email reviewed by Reuters, a senior tech staffer sent a message to colleagues with background about Israeli hacking tools and a request to be on the lookout for additional warnings from Apple.”

Surveillance 105

Surveillance Software Spyware Hacking 105

Malwarebytes

MARCH 12, 2021

Hackers were able to gain access to camera feeds from Verkada, a tech company that specializes in video security and physical access control, to demonstrate how prevalent surveillance is, reports say. Swiss hacker and member of the hacking collective “APT-69420 Arson Cats,” Tillie Kottmann, claimed credit for the Verkada hack.

Hacking 116

Hacking Surveillance Computers and Electronics Accountability 116

Security Affairs

JULY 19, 2023

government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. Government warns of the key role that surveillance technology plays in surveillance activities that can lead to repression and other human rights abuses. national security or foreign policy interests.

Surveillance 98

Surveillance Spyware Government Technology 98

Security Affairs

MAY 23, 2022

Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. We assess the exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different govt-backed actors. ” continues the report.

Spyware 145

Spyware Surveillance Government Banking 145

Security Affairs

JULY 28, 2022

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. SecurityAffairs – hacking, Subzero malware). ” reads the report. £We

Surveillance 101

Surveillance Malware Authentication Accountability 101

Security Affairs

APRIL 12, 2023

At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. ” concludes Citizen Lab.

Spyware 98

Spyware Surveillance Malware Government 98

Security Affairs

AUGUST 17, 2021

Researchers at FireEye’s Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372, in a core component of the Kalay cloud platform which is used by millions of IoT devices from many vendors. ” “CVE-2021-28372 poses a huge risk to an end user’s security and privacy and should be mitigated appropriately.

IoT 127

IoT Hacking Social Engineering Firmware 127

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. SecurityAffairs – hacking, Uyghurs). List of installed packages. Pierluigi Paganini.

Surveillance 98

Surveillance Spyware Malware Mobile 98

Security Affairs

NOVEMBER 8, 2021

Experts warn of an ongoing hacking campaign that already compromised at least nine organizations worldwide from critical sectors by exploiting CVE-2021-40539. In the middle of September, the FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warned that nation-state APT groups were actively exploiting the CVE-2021-40539 flaw.

Healthcare 125

Healthcare Password Management Financial Services Surveillance 125

Security Affairs

NOVEMBER 18, 2024

government surveillance. Amazon: €746 Million ($781 Million), 2021 In 2021, Amazon received a hefty fine for failing to secure proper consent for advertising cookies. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, GDPR )

Data privacy 131

Data privacy Risk Surveillance Government 131

Security Affairs

DECEMBER 23, 2022

An Iranian group hacked dozens of CCTV cameras in Israel in 2021 and maintained access for a long period of time. In 2021, the group published footage on its Telegram channel of the surroundings of Israel’s Rafael defense contractor factory in Haifa, as well as footage from cameras throughout Israeli cities of Jerusalem and Tel Aviv.

Hacking 98

Hacking Surveillance Internet Internet 98

Security Affairs

APRIL 18, 2025

However, the limited, targeted nature of these attacks against iOS users suggests that commercial surveillance vendors or a nation-state actor likely exploited the flaws. “Around March 2021, 2025 , a campaign targeted government and private institutions in Poland and Romania. ” states Check Point.

Authentication 104

Authentication Surveillance Passwords Media 104

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability.

Spyware 98

Spyware Surveillance Mobile Education 98

Security Affairs

JULY 14, 2021

Below the list of the zero-day issues disclosed by the experts: CVE-2021-1879: Use-After-Free in QuickTimePluginReplacement CVE-2021-21166: Chrome Object Lifecycle Issue in Audio CVE-2021-30551: Chrome Type Confusion in V8 CVE-2021-33742: Internet Explorer out-of-bounds write in MSHTML.

Surveillance 145

Surveillance Government Internet Internet 145

SecureWorld News

MARCH 10, 2021

Founded in 2016, Verkada is a security company that focuses on surveillance and facial recognition through the use of sophisticated software in security cameras. Now a hacking group says they accessed thousands of live feeds from Verkada's cameras around the world. The Verkada camera hack: what happened?

Hacking 93

Hacking Surveillance Passwords Internet 93

SecureList

MAY 31, 2021

On March 2, Microsoft released out-of-band patches for four zero-day vulnerabilities in Exchange Server that are being actively exploited in the wild (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065). It then downloads and installs the miner. — Twitter Support (@TwitterSupport) July 31, 2020.

Malware 140

Malware Adware Encryption Architecture 140

Security Affairs

AUGUST 29, 2024

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa.

Surveillance 138

Surveillance Government Hacking Encryption 138

SecureList

APRIL 27, 2021

This is our latest installment, focusing on activities that we observed during Q1 2021. In parallel, Volexity also reported the same Exchange zero-days being in use in early 2021. It was first publicly documented in 2014, in the aftermath of the Gamma Group hacking incident. The most remarkable findings.

Malware 145

Malware Government Spyware Social Engineering 145

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. The vulnerabilities in Google, Microsoft and Mozilla exploited by the company were fixed in 2021 and early 2022. SecurityAffairs – hacking, Variston). ” TAG concludes. Pierluigi Paganini.

Spyware 112

Spyware Surveillance Risk Internet 112

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Spyware 134

Spyware Government Surveillance Media 134

Security Affairs

DECEMBER 1, 2021

The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. The above document, dated to January 7, 2021, was obtained through a FOIA request filed by the US nonprofit organization Property of the People.

Encryption 145

Encryption Surveillance Hacking Information Security 145

Security Affairs

JUNE 11, 2021

“Al Jazeera Media Network was subjected to a series of cyber hacking attempts to penetrate some of its platforms and websites this week.” “Between June 5 and 8, 2021, Al Jazeera websites and platforms experienced continued electronic attacks aimed at accessing, disrupting, and controlling some of the news platforms.

Cyber Attacks 140

Cyber Attacks Media Hacking Spyware 140

Security Affairs

APRIL 14, 2021

WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s device. ” reads the analysis of researchers from Census Labs which reported one of the two issues(CVE-2021-24027). man-in-the-disk vulnerability under CVE-2021-24027.”

Mobile 114

Mobile Hacking Encryption Surveillance 114

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware 98

Malware Banking Penetration Testing Healthcare 98

Security Affairs

DECEMBER 12, 2024

Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related to Ukrainian affairs, since October 2021.

Mobile 100

Mobile Malware Surveillance Social Engineering 100

Security Affairs

AUGUST 24, 2021

The iPhones of nine activists, including members of the Bahrain Center for Human Rights , Waad , Al Wefaq , were infected with Pegasus spyware as part of a surveillance operation likely orchestrated by a threat actor tracked as LULU and attributed with high confidence to the government of Bahrain. ” concludes the report.

Spyware 98

Spyware Surveillance Hacking Mobile 98

Security Affairs

NOVEMBER 12, 2021

The attackers exploited a XNU privilege escalation vulnerability ( CVE-2021-30869 ) unpatched in macOS Catalina. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. SecurityAffairs – hacking, watering hole).

Malware 145

Malware Media Surveillance Encryption 145

Security Affairs

DECEMBER 14, 2022

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. SecurityAffairs – hacking, IP cameras).

Surveillance 145

Surveillance Manufacturing Internet Internet 145

Security Affairs

SEPTEMBER 19, 2021

link] — Edward Snowden (@Snowden) September 16, 2021. The surveillance it represents is completely antithetical to our mission.” SecurityAffairs – hacking, Snowden). Edward Snowden expressed concerns about the VPN service offered by ExpressVPN and has warned users to stop using it. ” reads the response.

Surveillance 145

Surveillance VPN Hacking Cybersecurity 145

Security Affairs

SEPTEMBER 13, 2021

Apple rolled out security patches to fix a couple of zero-day flaws in iOS and macOS (CVE-2021-30860, CVE-2021-30858), the IT giant also warns its customers that these issues are actively exploited in attacks in the wild, come of which were reported by researchers from Citizen Lab. SecurityAffairs – hacking, Apple).

Spyware 114

Spyware Surveillance Hacking Mobile 114

Security Affairs

MARCH 3, 2023

According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country.

Spyware 98

Spyware Surveillance Hacking Government 98

Security Affairs

MAY 6, 2022

QNAP addressed multiple vulnerabilities, including a critical remote execution flaw affecting the QVR video surveillance solution. QNAP QVR is a video surveillance solution of the Taiwanese vendor which is hosted on its NAS devices and doesn’t require any extra software. SecurityAffairs – hacking, QNAP).

Surveillance 98

Surveillance Hacking Software Cybersecurity 98

Security Affairs

OCTOBER 5, 2023

TechCrunch reported that a zero-day exploits for popular applications like WhatsApp “are now worth millions of dollars” TechCrunch obtained leaked documents that demonstrate that, as of 2021, a zero-click, zero-day exploit for the Android version of WhatsApp had a bounty between $1.7 and $8 million.

Mobile 142

Mobile Marketing Spyware Surveillance 142

Security Affairs

NOVEMBER 25, 2021

The campaign was first spotted in mid-September 2021 by ShadowChasing. aspx pic.twitter.com/fHsgAshCNc — Shadow Chaser Group (@ShadowChasing1) September 15, 2021. The PowerShortShell stealer is also used for Telegram surveillance and gathering system information from infected systems. docx URL: hxxp://hr.dedyn.io/word.html

Surveillance 114

Surveillance Social Engineering Ransomware Cybercrime 114