Krebs on Security

MARCH 22, 2023

Google said it believes the exploit chain for Samsung devices belonged to a “commercial surveillance vendor,” without elaborating further. “At present, a large number of end users have complained on multiple social platforms,” reads a translated version of the DarkNavy blog post.

Malware 272

Malware eCommerce Mobile Media 272

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance 82

Surveillance Education Media Hacking 82

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. and 15.6 ( FINDMYPWN ), and 16.0.3 ( PWNYOURHOME ).”

Spyware 82

Spyware Surveillance Education Risk 82

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Spyware 80

Spyware Surveillance Artificial Intelligence Data breaches 80

BH Consulting

JANUARY 26, 2023

These are: The Digital Services Act The Digital Markets Act The EU Data Act The Data Governance Act The Artificial Intelligence (AI) Act In our previous blog series (part one and part two ) we discussed four of the five new Directives, and how they will affect organisations. What does 2023 have in store for us?

Artificial Intelligence 59

Artificial Intelligence Marketing Risk Education 59

Security Affairs

MAY 2, 2023

TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. ” reads the advisory published by Fortinet.

Authentication 97

Authentication Retail Surveillance Education 97

Security Affairs

MAY 18, 2023

The three vulnerabilities, tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, reside in the WebKit browser engine. Below are the details of the three issues: CVE-2023-32409 – A remote attacker may be able to break out of Web Content sandbox. Please nominate Security Affairs as your favorite blog.

Surveillance 82

Surveillance Hacking Engineering Mobile 82

Malwarebytes

SEPTEMBER 27, 2023

On September 12, 2023 we published two blogs urging our readers to urgently patch two Apple issues which were added to the catalog of known exploited vulnerabilities by the Cybersecurity & Infrastructure Security Agency (CISA), and to apply an update for Chrome that included one critical security fix for an actively exploited vulnerability.

Spyware 135

Spyware Surveillance Mobile Software 135

Security Affairs

APRIL 16, 2023

The phishing attacks began in February 2023, the IT giant reported. Remcos is a legitimate remote monitoring and surveillance software developed by the company BreakingSecurity. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms.

Accountability 85

Accountability Phishing Financial Services Surveillance 85

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). In May 2023, the European Parliament voted a resolution ( 2023/2501 ) on the DPF.

Data privacy 83

Data privacy Surveillance Financial Services Government 83

Malwarebytes

FEBRUARY 28, 2024

The attackers, who targeted the MSP’s network from October 2023 to January 2024, silently monitored and manipulated the network for months, leveraging legitimate remote access tools like AnyDesk and TeamViewer and attempting to install malware like Remcos RAT and AsyncRAT. Detection of malware leveraging RMM tools.

Malware 83

Malware DNS Surveillance Backups 83

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 68

Spyware Ransomware Malware Data breaches 68

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches 84

Data breaches DDOS Artificial Intelligence Ransomware 84

Security Affairs

MARCH 29, 2023

This was recently highlighted by blog posts from Project Zero and Github Security Lab.” CVE-2023-0266 , a race condition vulnerability in the Linux kernel sound subsystem reachable from the system user and that gives the attacker kernel read and write access (0-day at time of exploitation). . ” concludes the report.

Spyware 81

Spyware Surveillance Firmware Internet 81

BH Consulting

FEBRUARY 15, 2024

In a blog to explain the changes, the company said that password best practice had evolved since 2018 when it last updated the requirements. The move was prompted by the pending Digital Markets Act There’s a strong overview of the surveillance technology landscape from privacy campaigner Johnny Ryan.

Passwords 52

Passwords Surveillance Risk Data breaches 52

Security Affairs

MAY 22, 2023

The battle had roots in the past, precisely in 2013 when the privacy activist and NOYB founder, Max Schrems, filed a complaint about Facebook’s handling of his data following the revelations of Edward Snowden about the global surveillance program operated by the US. “The EDPB adopted its decision on 13 April 2023.”

Surveillance 76

Surveillance Data privacy Media Hacking 76

Security Affairs

APRIL 13, 2023

The top insider threat software products of 2023 Data Detection and Response (DDR) company Cyberhaven offers valuable insights into some of the top security tools designed with inside threats in mind.

Data privacy 87

Data privacy Risk Media Software 87

Hackology

NOVEMBER 11, 2023

The malicious app containing Kamran was available for download from the Hunza News website, and the developer certificate used to sign the app was issued on January 10, 2023. By allowing the spyware to access such personal information, users are putting themselves at risk of identity theft, financial fraud, and unauthorized surveillance.

Spyware 45

Spyware Malware Risk Mobile 45

DoublePulsar

APRIL 20, 2023

So in this piece we shall dig into the details using open source intelligence, and prove Capita was penetrated by Black Basta ransomware group using Qakbot phishing to deliver hands on keyboard access for weeks — and question if the playbooks organisations are using to handle ransomware groups are fit for purpose in 2023.

Ransomware 126

Ransomware Government Data breaches Media 126

Thales Cloud Protection & Licensing

JANUARY 14, 2020

A barrage of news about data breaches, government surveillance, and corporate misconduct has soured consumer sentiment on current data practices privacy regulators and authorities strive to protect consumer rights and shape the future of data protection.

Data privacy 90

Data privacy IoT Data breaches Surveillance 90

SecureList

JUNE 20, 2023

In this blog post, we’ll discuss the results of a vulnerability research study focused on a popular model of smart pet feeder. These vulnerabilities could allow an attacker to gain unauthorized access to the device and steal sensitive information, such as video footage, potentially turning the feeder into a surveillance tool.

Firmware 91

Firmware Passwords Manufacturing Mobile 91

Malwarebytes

MAY 9, 2023

Timeline Our investigation started in September 2022, when one of our former coworkers Hossein Jazi discovered an interesting lure , that seemed to target some entities over the war context: Tweet published by @hjazi in September 2022 In fact, this is the attack that Kaspersky analyzed in its blog.

Surveillance 72

Surveillance Accountability DNS Encryption 72