Security Affairs

JUNE 7, 2023

June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The June 2023 Android Security Bulletin provides details about the fix for more than fifty vulnerabilities affecting Android devices.

Spyware 79

Spyware Surveillance Firmware Hacking 79

Security Affairs

JULY 24, 2023

in response to the government’s surveillance demands. In light of the government’s surveillance demands, Apple might consider withdrawing iMessage and FaceTime services from the U.K. Such kind of technology could be abused by the government to conduct dragnet surveillance. government to reconsider its approach.

Surveillance 75

Surveillance Encryption Government Technology 75

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance 73

Surveillance Malware Spyware Education 73

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability. CISA orders federal agencies to fix this flaw by April 20, 2023.

Spyware 75

Spyware Surveillance Mobile Education 75

Security Affairs

FEBRUARY 6, 2024

government’s commitment to addressing the misuse of surveillance software, which poses a significant threat to society. ” The policy specifically addresses the abuse of commercial spyware for unlawfully surveilling, harassing, suppressing, or intimidating individuals. national security or foreign policy interests.

Spyware 85

Spyware Surveillance Government Technology 85

Schneier on Security

MARCH 31, 2024

Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. He was the first person to understand that security problems are often actually economic problems. Okay, he created both—I helped.)

Surveillance 289

Surveillance Engineering Encryption Government 289

Security Affairs

MARCH 5, 2024

The surveillance software was also used to spy on U.S. Surveillance software was misused by foreign actors in attacks aimed at dissidents and journalists around the world. Predator spyware is known for its extensive data-stealing and surveillance capabilities. government officials, journalists, and policy experts.

Spyware 94

Spyware Surveillance Government Technology 94

Security Affairs

APRIL 23, 2024

The measure aims to counter the misuse of surveillance technology targeting journalists, academics, human rights defenders, dissidents, and US Government personnel, as documented in the Country Reports on Human Rights Practices. national security or foreign policy interests. The policy underscores the U.S.

Spyware 84

Spyware Surveillance Government Technology 84

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Surveillance software is used to spy on high-risk users, including journalists, human rights defenders, dissidents and opposition party politicians. ” reads the report published by Google.

Spyware 98

Spyware Surveillance Government Software 98

Security Affairs

NOVEMBER 30, 2023

Apple released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. The first vulnerability, tracked as CVE-2023-42916, is an out-of-bounds read. An attacker can trick a victim into visiting specially crafted web content to disclose sensitive information.

Surveillance 118

Surveillance Engineering Hacking Information Security 118

Security Affairs

DECEMBER 12, 2023

The flaw CVE-2023-42898 was discovered by Junsung Lee. Apple also addressed a code execution flaw, tracked as CVE-2023-42890, in the WebKit. Apple this week rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 16.7.3 and iPadOS 16.7.3

Surveillance 101

Surveillance Hacking Information Security 101

Security Affairs

DECEMBER 6, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 were actively exploited in targeted attacks. CISA orders federal agencies to fix these vulnerabilities by December 26, 2023.

Surveillance 99

Surveillance Hacking Cybersecurity Risk 99

Security Affairs

DECEMBER 20, 2023

Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day. TODAY, 1 day later, Chrome has a fix out to protect users!!!

Surveillance 106

Surveillance Hacking Information Security 106

Security Affairs

SEPTEMBER 27, 2023

— Operation Zero (@opzero_en) September 26, 2023 The Russian company pointed out that the end user for its exploits is a non-NATO country, it also added that decided to increase the payout due to high demand on the market. In the scope: — iOS RCE/LPE/SBX/full chain — From $200,000 up to $20,000,000 (twenty millions).

Mobile 119

Mobile Surveillance Marketing Hacking 119

Security Affairs

SEPTEMBER 23, 2023

In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. ” reads the report. ” continues the report. .” ” continues the report.

Ransomware 97

Ransomware Surveillance Healthcare Accountability 97

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-7024 – The vulnerability is a Heap buffer overflow issue in WebRTC.

Surveillance 100

Surveillance Cybersecurity Hacking Risk 100

Security Affairs

FEBRUARY 22, 2023

Apple updated its advisories by adding three new vulnerabilities, tracked as CVE-2023-23520, CVE-2023-23530 and CVE-2023-23531, that affect iOS, iPadOS , and macOS. An attacker can trigger the CVE-2023-23530 flaw to execute arbitrary code out of its sandbox or with certain elevated privileges. ” reads the advisory.

Surveillance 97

Surveillance Spyware Hacking Software 97

Security Affairs

JANUARY 29, 2024

In early December, Ukraine’s SBU announced they shut down two surveillance cameras that were allegedly hacked by the Russian intelligence services to spy on air defense forces and critical infrastructure in Kyiv. The surveillance cameras were located in residential buildings and were used to monitor the surrounding area and a parking lot.

Surveillance 103

Surveillance DDOS Mobile Hacking 103

Security Affairs

SEPTEMBER 22, 2023

Apple this week released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. CVE-2023-41993 is an arbitrary code execution issue that resides in the Webkit.

Spyware 99

Spyware Surveillance Mobile Hacking 99

Security Affairs

DECEMBER 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group discovered the zero-day on on 2023-11-24.

Surveillance 86

Surveillance Software Engineering Passwords 86

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. The details of the remaining CVEs will be shared in our December 2023 public bulletin.”

Firmware 93

Firmware Surveillance Authentication Manufacturing 93

Malwarebytes

DECEMBER 21, 2023

The regulator found so many flaws in the retailer’s surveillance program that it concluded Rite Aid had failed to implement reasonable procedures and prevent harm to consumers in its use of facial recognition technology in hundreds of stores. The company also failed to inform consumers that it was using the technology in its stores.

Surveillance 88

Surveillance Technology Retail Artificial Intelligence 88

Security Affairs

SEPTEMBER 14, 2023

A joint investigation conducted by Access Now and the Citizen Lab revealed that the journalist, who is at odds with the Russian government, was infected with the surveillance software. The investigation started on June 22, 2023, after Timchenko received a notification from Apple that state-sponsored attackers may be targeting her iPhone.

Spyware 86

Spyware Surveillance Media Government 86

Security Affairs

OCTOBER 16, 2023

— Signal (@signalapp) October 16, 2023 The company also added that it has checked with the U.S. We take reports to security@signal.org very seriously, and invite those with real info to share it there. Government to determine if they were aware of a zero-day exploit for their platform.

Spyware 99

Spyware Surveillance Encryption Mobile 99

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. and 15.6 ( FINDMYPWN ), and 16.0.3 ( PWNYOURHOME ).”

Spyware 82

Spyware Surveillance Education Risk 82

Security Affairs

OCTOBER 5, 2023

The surveillance market is literally exploding, intelligence agencies, law enforcement bodies and zero-day brokers are competing to buy exploits that can allow them to compromise devices and apps. It’s unclear if these patches fixed the flaws underlying the exploits that were on sale in 2021.”

Mobile 125

Mobile Marketing Spyware Surveillance 125

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance 82

Surveillance Education Media Hacking 82

Security Affairs

MAY 18, 2023

The three vulnerabilities, tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, reside in the WebKit browser engine. Below are the details of the three issues: CVE-2023-32409 – A remote attacker may be able to break out of Web Content sandbox. Please nominate Security Affairs as your favorite blog.

Surveillance 82

Surveillance Hacking Engineering Mobile 82

Security Affairs

JULY 30, 2023

Now Abyss Locker also targets VMware ESXi servers Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency Monitor Insider Threats but Build Trust First Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS DepositFiles exposed (..)

Surveillance 73

Surveillance Cryptocurrency Cyber Attacks Hacking 73

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Spyware 80

Spyware Surveillance Artificial Intelligence Data breaches 80

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). In May 2023, the European Parliament voted a resolution ( 2023/2501 ) on the DPF.

Data privacy 83

Data privacy Surveillance Financial Services Government 83

Security Affairs

SEPTEMBER 3, 2023

Hacks QakBot, Quietly Removes Botnet Infections Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs Why is.US Being Used to Phish So Many of Us?

Social Engineering 99

Social Engineering Spyware Data breaches Surveillance 99

Security Affairs

JUNE 9, 2023

Stealth Soldier is surveillance software that allows operators to spy on the victims and exfiltrate collected data. The newest version of the malware (Version 9) was likely employed in February 2023, while the oldest version discovered by the researchers (Version 6) dates back to October 2022. ” Check Point concludes.

Surveillance 80

Surveillance Malware Social Engineering Engineering 80

Security Affairs

JULY 20, 2023

Most recent samples of DraginEgg are dated April 2023. “After it’s installed and launched, WyrmSpy uses known rooting tools to gain escalated privileges to the device and perform surveillance activities specified by commands received from its C2 servers. ” reads the report published by Lookout.

Spyware 77

Spyware Surveillance Mobile Malware 77

Security Affairs

MARCH 4, 2024

How does the European Consumer Organisation view Meta’s data processing practices in relation to surveillance-based business models? ” Below is the video of my interview: In 2023, the European Union fined Meta $1.3 billion for transferring user data to the US.

Data collection 92

Data collection Surveillance Hacking Information Security 92

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 86

Spyware Surveillance Identity Theft DDOS 86

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS 84

DDOS Hacking Spyware Surveillance 84