Security Affairs

FEBRUARY 7, 2023

The stolen documents contain evidence of a dragnet surveillance activity conducted by the intelligence service FSB. According to collecting, Convex company launched a project code-named ‘Green Atom’ that aims to spy on Russian citizens by using surveillance equipment. System for Operative Investigative Activities’ ).

Surveillance 98

Surveillance Internet Internet Government 98

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance 98

Surveillance Malware Spyware Accountability 98

Security Affairs

JUNE 7, 2023

June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The June 2023 Android Security Bulletin provides details about the fix for more than fifty vulnerabilities affecting Android devices.

Spyware 98

Spyware Surveillance Firmware Hacking 98

Security Affairs

JULY 19, 2023

government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. national security or foreign policy interests. Government warns of the key role that surveillance technology plays in surveillance activities that can lead to repression and other human rights abuses.

Surveillance 98

Surveillance Spyware Government Technology 98

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability. CISA orders federal agencies to fix this flaw by April 20, 2023.

Spyware 98

Spyware Surveillance Mobile Education 98

Security Affairs

AUGUST 29, 2024

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa.

Surveillance 137

Surveillance Government Hacking Encryption 137

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Surveillance software is used to spy on high-risk users, including journalists, human rights defenders, dissidents and opposition party politicians. ” reads the report published by Google.

Spyware 135

Spyware Surveillance Government Software 135

Security Affairs

DECEMBER 6, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 were actively exploited in targeted attacks. CISA orders federal agencies to fix these vulnerabilities by December 26, 2023.

Surveillance 137

Surveillance Hacking Cybersecurity Risk 137

Security Affairs

NOVEMBER 30, 2023

Apple released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. The first vulnerability, tracked as CVE-2023-42916, is an out-of-bounds read. An attacker can trick a victim into visiting specially crafted web content to disclose sensitive information.

Surveillance 140

Surveillance Engineering Hacking Information Security 140

Security Affairs

DECEMBER 12, 2023

The flaw CVE-2023-42898 was discovered by Junsung Lee. Apple also addressed a code execution flaw, tracked as CVE-2023-42890, in the WebKit. Apple this week rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 16.7.3 and iPadOS 16.7.3

Surveillance 135

Surveillance Hacking Information Security 135

Security Affairs

SEPTEMBER 23, 2023

In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. ” reads the report. ” continues the report. .” ” continues the report.

Ransomware 135

Ransomware Surveillance Healthcare Accountability 135

Security Affairs

DECEMBER 20, 2023

Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day. TODAY, 1 day later, Chrome has a fix out to protect users!!!

Surveillance 140

Surveillance Hacking Information Security 140

Security Affairs

SEPTEMBER 27, 2023

— Operation Zero (@opzero_en) September 26, 2023 The Russian company pointed out that the end user for its exploits is a non-NATO country, it also added that decided to increase the payout due to high demand on the market. In the scope: — iOS RCE/LPE/SBX/full chain — From $200,000 up to $20,000,000 (twenty millions).

Mobile 141

Mobile Surveillance Marketing Hacking 141

Security Affairs

NOVEMBER 18, 2024

Billion), 2023 Meta’s record-breaking fine stems from its failure to safeguard data transfers between the EU and the U.S. government surveillance. Billion ($1.4 After the invalidation of the EU-U.S. This massive fine, the largest ever under GDPR, highlights the need for companies to adapt quickly to regulatory changes.

Data privacy 130

Data privacy Risk Surveillance Government 130

Security Affairs

SEPTEMBER 27, 2024

The Tor Project and Tails have merged operations to enhance collaboration and expand training, outreach, and strengthen both organizations’ efforts to protect users globally from digital surveillance and censorship. Together, they offer a comprehensive solution for users facing surveillance or seeking access to the open web.

Surveillance 132

Surveillance Hacking Information Security 132

Security Affairs

SEPTEMBER 14, 2023

A joint investigation conducted by Access Now and the Citizen Lab revealed that the journalist, who is at odds with the Russian government, was infected with the surveillance software. The investigation started on June 22, 2023, after Timchenko received a notification from Apple that state-sponsored attackers may be targeting her iPhone.

Spyware 133

Spyware Surveillance Media Government 133

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-7024 – The vulnerability is a Heap buffer overflow issue in WebRTC.

Surveillance 135

Surveillance Hacking Cybersecurity Risk 135

Security Affairs

DECEMBER 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group discovered the zero-day on on 2023-11-24.

Surveillance 129

Surveillance Software Engineering Passwords 129

Security Affairs

SEPTEMBER 22, 2023

Apple this week released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. CVE-2023-41993 is an arbitrary code execution issue that resides in the Webkit.

Spyware 130

Spyware Surveillance Hacking Mobile 130

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. The details of the remaining CVEs will be shared in our December 2023 public bulletin.”

Firmware 127

Firmware Surveillance Authentication Manufacturing 127

Security Affairs

JANUARY 29, 2024

In early December, Ukraine’s SBU announced they shut down two surveillance cameras that were allegedly hacked by the Russian intelligence services to spy on air defense forces and critical infrastructure in Kyiv. The surveillance cameras were located in residential buildings and were used to monitor the surrounding area and a parking lot.

Surveillance 138

Surveillance DDOS Mobile Hacking 138

Security Affairs

FEBRUARY 22, 2023

Apple updated its advisories by adding three new vulnerabilities, tracked as CVE-2023-23520, CVE-2023-23530 and CVE-2023-23531, that affect iOS, iPadOS , and macOS. An attacker can trigger the CVE-2023-23530 flaw to execute arbitrary code out of its sandbox or with certain elevated privileges. ” reads the advisory.

Surveillance 98

Surveillance Spyware Hacking Software 98

Security Affairs

OCTOBER 5, 2023

The surveillance market is literally exploding, intelligence agencies, law enforcement bodies and zero-day brokers are competing to buy exploits that can allow them to compromise devices and apps. It’s unclear if these patches fixed the flaws underlying the exploits that were on sale in 2021.”

Mobile 141

Mobile Marketing Spyware Surveillance 141

Malwarebytes

DECEMBER 21, 2023

The regulator found so many flaws in the retailer’s surveillance program that it concluded Rite Aid had failed to implement reasonable procedures and prevent harm to consumers in its use of facial recognition technology in hundreds of stores. The company also failed to inform consumers that it was using the technology in its stores.

Surveillance 112

Surveillance Technology Retail Artificial Intelligence 112

Security Affairs

OCTOBER 16, 2023

— Signal (@signalapp) October 16, 2023 The company also added that it has checked with the U.S. We take reports to security@signal.org very seriously, and invite those with real info to share it there. Government to determine if they were aware of a zero-day exploit for their platform.

Spyware 123

Spyware Surveillance Encryption Mobile 123

Security Affairs

JUNE 3, 2024

Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. In December 2023, researchers from Proofpoint and IBM detailed a new wave of APT spear-phishing attacks relying on multiple lure content to deliver Headlace malware.

Malware 142

Malware Phishing Surveillance Internet 142

Security Affairs

SEPTEMBER 3, 2023

Hacks QakBot, Quietly Removes Botnet Infections Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs Why is.US Being Used to Phish So Many of Us?

Social Engineering 127

Social Engineering Spyware Data breaches Surveillance 127

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. and 15.6 ( FINDMYPWN ), and 16.0.3 ( PWNYOURHOME ).”

Surveillance 98

Surveillance Spyware Education Risk 98

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance 98

Surveillance Education Media Hacking 98

Security Affairs

JULY 30, 2023

Now Abyss Locker also targets VMware ESXi servers Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency Monitor Insider Threats but Build Trust First Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS DepositFiles exposed (..)

Surveillance 98

Surveillance Cryptocurrency Cyber Attacks Hacking 98

Security Affairs

MAY 18, 2023

The three vulnerabilities, tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, reside in the WebKit browser engine. Below are the details of the three issues: CVE-2023-32409 – A remote attacker may be able to break out of Web Content sandbox. Please nominate Security Affairs as your favorite blog.

Surveillance 98

Surveillance Hacking Engineering Mobile 98

Security Affairs

NOVEMBER 26, 2023

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software New InfectedSlurs Mirai-based botnet exploits two zero-days SiegedSec hacktivist group hacked Idaho National Laboratory (INL) CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog Enterprise software provider TmaxSoft leaks 2TB of data (..)

Data breaches 131

Data breaches Surveillance Cryptocurrency Ransomware 131

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence 126

Artificial Intelligence Data breaches Scams Insurance 126

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 127

Spyware Surveillance DDOS Identity Theft 127

Security Affairs

MARCH 4, 2024

How does the European Consumer Organisation view Meta’s data processing practices in relation to surveillance-based business models? ” Below is the video of my interview: In 2023, the European Union fined Meta $1.3 billion for transferring user data to the US.

Data collection 133

Data collection Surveillance Hacking Information Security 133

Security Affairs

SEPTEMBER 24, 2023

0-days exploited by commercial surveillance vendor in Egypt PREDATOR IN THE WIRES OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes Cybersecurity Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

Cyber Attacks 124

Cyber Attacks Firewall Data breaches Telecommunications 124

Security Affairs

JUNE 9, 2023

Stealth Soldier is surveillance software that allows operators to spy on the victims and exfiltrate collected data. The newest version of the malware (Version 9) was likely employed in February 2023, while the oldest version discovered by the researchers (Version 6) dates back to October 2022. ” Check Point concludes.

Surveillance 98

Surveillance Malware Social Engineering Phishing 98