2023, Blog, Information Security and Surveillance

2023

Blog

Information Security

Surveillance

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance

Surveillance Malware Spyware Education

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability. CISA orders federal agencies to fix this flaw by April 20, 2023.

Spyware

Spyware Surveillance Mobile Education

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance

Surveillance Education Media Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Apple fixed three new actively exploited zero-day vulnerabilities

Security Affairs

MAY 18, 2023

The three vulnerabilities, tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, reside in the WebKit browser engine. Below are the details of the three issues: CVE-2023-32409 – A remote attacker may be able to break out of Web Content sandbox. Please nominate Security Affairs as your favorite blog.

Surveillance

Surveillance Hacking Engineering Mobile

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. ” reads the advisory published by Fortinet.

Authentication

Authentication Retail Surveillance Education

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). In May 2023, the European Parliament voted a resolution ( 2023/2501 ) on the DPF.

Data privacy

Data privacy Surveillance Financial Services Government

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

The phishing attacks began in February 2023, the IT giant reported. Remcos is a legitimate remote monitoring and surveillance software developed by the company BreakingSecurity. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms.

Accountability

Accountability Phishing Financial Services Surveillance

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Spyware

Spyware Ransomware Malware Data breaches

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

This was recently highlighted by blog posts from Project Zero and Github Security Lab.” CVE-2023-0266 , a race condition vulnerability in the Linux kernel sound subsystem reachable from the system user and that gives the attacker kernel read and write access (0-day at time of exploitation). .

Spyware

Spyware Surveillance Firmware Internet

EU hits Meta with $1.3 billion fine for transferring European user data to the US

Security Affairs

MAY 22, 2023

The battle had roots in the past, precisely in 2013 when the privacy activist and NOYB founder, Max Schrems, filed a complaint about Facebook’s handling of his data following the revelations of Edward Snowden about the global surveillance program operated by the US. “The EDPB adopted its decision on 13 April 2023.”

Surveillance

Surveillance Data privacy Media Hacking

How to Combat Insider Threats

Security Affairs

APRIL 13, 2023

Fortunately, some great products are out there to help organizations get a handle on the insider threat problem and make inroads into securing their digital enterprise from the inside out.

Data privacy

Data privacy Risk Media Software

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. and 15.6 ( FINDMYPWN ), and 16.0.3 ( PWNYOURHOME ).”

Spyware

Spyware Surveillance Education Risk

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Spyware

Spyware Surveillance Artificial Intelligence Data breaches

Cyber Security Informer

Iranian govt uses BouldSpy Android malware for internal surveillance operations

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Webinars

Trending Sources

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Webinars

Apple fixed three new actively exploited zero-day vulnerabilities

Fortinet warns of a spike in attacks against TBK DVR devices

Navigating the EU-US Data Protection Framework

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Google TAG shares details about exploit chains used to install commercial spyware

EU hits Meta with $1.3 billion fine for transferring European user data to the US

How to Combat Insider Threats

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

Stay Connected