SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Verdict: very limited fulfillment of the prediction ❌ APT predictions for 2023. Here are the developments we think we could be seeing in 2023. What we predicted in 2022.

Firmware 129

Firmware Surveillance Mobile Telecommunications 129

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH. Therefore, we did not issue a certificate.

IoT 137

IoT DDOS Passwords Malware 137

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Surveillance software is used to spy on high-risk users, including journalists, human rights defenders, dissidents and opposition party politicians. ” reads the report published by Google.

Spyware 134

Spyware Surveillance Government Software 134

CyberSecurity Insiders

MARCH 21, 2023

With the increasing need for online privacy and security, Virtual Private Networks (VPNs) have become a popular solution for internet users. VPNs allow users to access the internet securely and privately by encrypting their internet traffic and hiding their IP addresses. Or do you need a VPN for general internet use?

VPN 116

VPN Internet Internet Encryption 116

CyberSecurity Insiders

JANUARY 8, 2023

However, the new rule only applies to nations where censorship is high, like China, and in places, internet shutdowns are frequent, like in Iran. Means, WhatsApp users can use intermediatory gateways to connect to the web, or in case the link between their device and the internet goes off.

Internet 113

Internet Internet Surveillance Government 113

The Last Watchdog

AUGUST 1, 2022

If all goes smoothly, surveillance cams, smart doorbells and robot vacuums would soon follow. LW: Near term – can you paint a picture of a likely adoption scenario in 2022 and 2023? Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW

Manufacturing 250

Manufacturing IoT Surveillance Authentication 250

Security Affairs

JUNE 3, 2024

The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries. Victims who failed these checks downloaded a benign file and were redirected to Microsoft’s web portal, msn.com.

Malware 142

Malware Phishing Surveillance Internet 142

Malwarebytes

OCTOBER 3, 2024

The Harvard students have dubbed the system I-XRAY and it works like this: When you look at someone’s face through the glasses—they used Ray-Ban Meta smart glasses—a connected Artificial Intelligence (AI) platform will look up that face on the internet and pull up all the information it can find about the person.

Artificial Intelligence 141

Artificial Intelligence Engineering Surveillance Technology 141

Security Affairs

JANUARY 7, 2024

“The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” During one of the most recent campaigns in 2023, the APT group employed a reverse TCP shell named SnappyTCP to target Linux/Unix systems. Enable 2FA on all externally exposed accounts.

Media 140

Media Accountability Telecommunications Government 140

SecureList

NOVEMBER 28, 2024

Later, in 2023, Elastic Lab published a report about an OceanLotus APT (aka APT32) attack that leveraged a new set of malicious tools called Spectral Viper. The second, an article published in 2024 by the Google Threat Analysis Group, described the business model of various companies that provide commercial surveillance solutions.

Malware 118

Malware Government Software Spyware 118

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence 125

Artificial Intelligence Data breaches Scams Insurance 125

Malwarebytes

OCTOBER 11, 2023

It’s spying when governments do it through opaque, mass surveillance regimes, it’s spying when companies do it through shadowy data broker networks that braid together disparate streams of information, and it’s spying when private individuals do it through unseen behavior on personal devices.

Surveillance 130

Surveillance Passwords Software Technology 130

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance 98

Surveillance Education Media Hacking 98

BH Consulting

DECEMBER 11, 2023

It also found instances where virtual machines are exposed to the internet. Cloud security was also a theme in Microsoft’s ‘Cybersecurity Trends in Ireland 2023’ report. Sounds like excessive surveillance? Sign up here The post Security Roundup December 2023 appeared first on BH Consulting.

Surveillance 52

Surveillance Cybersecurity DDOS Data breaches 52

Malwarebytes

JUNE 7, 2024

In April of 2023, Google Play launched a series of initiatives that gives users control over the way that separate, third-party apps stored data about them. But this was part of a settlement in a lawsuit accusing the search giant of illegal surveillance. Choose Your Timeline.

Accountability 138

Accountability Surveillance VPN Mobile 138

Security Affairs

MARCH 29, 2023

” The second campaign was spotted in December 2022 when the researchers discovered an exploit chain targeting the latest version of the Samsung Internet Browser using multiple zero-days and n-days. This was recently highlighted by blog posts from Project Zero and Github Security Lab.” ” concludes the report.

Spyware 98

Spyware Surveillance Firmware Internet 98

eSecurity Planet

MARCH 4, 2024

Azure-Connected IoT Vulnerable to Remote Code Execution Type of vulnerability: Internet of things (IoT) RCE vulnerability. February 28, 2024 Internet Exposed 3D-Printers Hacked to Broadcast Vulnerability Exposure Type of vulnerability: Missing valid credential check in printer service APIs.

IoT 117

IoT Internet Internet Ransomware 117

Security Affairs

DECEMBER 10, 2023

Will Enable Mass Spying Reddit Says Leaked U.S.-U.K. billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Ransomware 127

Ransomware Data breaches Hacking Financial Services 127

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 98

Data breaches DDOS Ransomware Hacking 98

Security Affairs

MAY 2, 2023

TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. ” reads the advisory published by Fortinet.

Authentication 98

Authentication Surveillance Retail Education 98

Malwarebytes

NOVEMBER 2, 2021

And because none of the major browser vendors had enough market share to “ embrace, extend and extinguish “, as Microsoft had attempted when Internet Explorer was dominant, everyone was forced to follow the same open standards. The deal is up in 2023 and Firefox’s market share is dwindling. Everyone benefitted.

Marketing 123

Marketing Surveillance Advertising Mobile 123

SecureList

JUNE 3, 2024

In late December, in a presentation at the 37th Chaos Communication Congress (37C3), experts from our Global Research and Analysis Team (GReAT) described the attack chain in detail , including – for the first time – how the attackers exploited the CVE-2023-38606 hardware vulnerability. You can read the full analysis here.

Banking 117

Banking Malware Computers and Electronics Mobile 117

Zero Day

JUNE 20, 2025

Also:   How to delete yourself from internet search results and hide your identity online For individuals, the damage can be more personal than figures on a balance sheet. The attacker may conduct surveillance first, mapping a network to find the most valuable resources or to discover potential pathways to jump into other systems.

Passwords 64

Passwords Data breaches Password Management Identity Theft 64

eSecurity Planet

MARCH 27, 2023

“This activity continues China’s pattern of exploiting internet-facing devices, especially those used for managed security purposes (e.g. “First, they are accessible to the internet, and if the attacker has an exploit, they can gain access to a network without requiring any victim interaction,” the researchers wrote.

Firewall 104

Firewall Internet Internet Telecommunications 104

Security Affairs

DECEMBER 15, 2024

CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox U.S.

Firewall 65

Firewall Spyware Surveillance Cybercrime 65

SecureList

JUNE 20, 2023

Introduction In today’s interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. Internet providers now ship home routers that can, for example, spin up an additional guest network.

Firmware 106

Firmware Passwords Manufacturing Mobile 106

Thales Cloud Protection & Licensing

JANUARY 14, 2020

The adoption of emerging technologies like 5G will fuel the proliferation of Internet of Things (IoT) that’s often built with only a few security controls and therefore creating a larger attack surface that enterprises have to deal with., In fact, Gartner predicts that the 5G IoT endpoint installed base will approach 49 million units by 2023.

Data privacy 89

Data privacy IoT Data breaches Surveillance 89

DoublePulsar

APRIL 20, 2023

So in this piece we shall dig into the details using open source intelligence, and prove Capita was penetrated by Black Basta ransomware group using Qakbot phishing to deliver hands on keyboard access for weeks — and question if the playbooks organisations are using to handle ransomware groups are fit for purpose in 2023.

Ransomware 135

Ransomware Government Data breaches Marketing 135

eSecurity Planet

JULY 8, 2024

The fix: CocoaPods fixed these flaws and reset all user sessions since October 2023. July 3, 2024 Threat Actors Exploit MSHTML Flaw to Deploy MerkSpy Surveillance Tool Type of vulnerability: Remote code execution. CVE-2023-2071 exploits insufficient input validation to upload and load malicious DLLs, resulting in remote code execution.

Risk 62

Risk Authentication Firmware Surveillance 62

SecureWorld News

DECEMBER 11, 2023

In July of 2023, the city of Hayward, California, declared a state of emergency after a cyberattack had degraded their emergency services dispatching capability. In the 1980s, the internet as we know it today was called ARPANET and used mostly by researchers and the military. Let's start with a quick story.

Technology 109

Technology Artificial Intelligence Cybercrime Government 109

Zero Day

JUNE 18, 2025

The Blink app is feature-rich, with plenty of camera settings to customize for the best surveillance, but you'll need a paid subscription to unlock the best features. The AA batteries allow the floodlights to beam at 700 nits of brightness, which is not the most powerful on the market but good enough to see your surroundings.

Password Management 57

Password Management Small Business Software Artificial Intelligence 57

Centraleyes

OCTOBER 11, 2024

Mass surveillance and overreach by huge online tech companies have pushed the proposal for a far-reaching legislative agenda that ended in success last week. On June 6, 2023, Governor Ron DeSantis officially signed Senate Bill 262 into law, establishing the Florida Digital Bill of Rights.

Data privacy 52

Data privacy Advertising Small Business Media 52

Malwarebytes

MAY 9, 2023

Both had inside tools named ngrok.exe and rsockstun.exe: Ngrok.exe is a legitimate tool that allows web developers to deploy applications and expose services to the internet. Attackers made a great and long surveillance of this victim, which extended until Jan 2023. Other groups also used ngrok for malicious purposes.

Surveillance 88

Surveillance Accountability DNS Encryption 88

Hackology

NOVEMBER 11, 2023

The malicious app containing Kamran was available for download from the Hunza News website, and the developer certificate used to sign the app was issued on January 10, 2023. By allowing the spyware to access such personal information, users are putting themselves at risk of identity theft, financial fraud, and unauthorized surveillance.

Spyware 45

Spyware Malware Risk Mobile 45

SecureList

MARCH 8, 2023

Stalkerware can be downloaded and easily installed by anyone with an Internet connection and physical access to a smartphone. iPhone users fearing surveillance should always keep an eye on their device. A perpetrator violates the victim’s privacy as they can then use the software to monitor huge volumes of personal data.

Mobile 123

Mobile Software Accountability Cybersecurity 123

eSecurity Planet

JUNE 21, 2024

Unlike siloed SSO solutions, Dashlane’s confidential SSO, launched in 2023, works effortlessly with any SAML 2.0 Their password health checker and real-time dark web surveillance also improve overall security. Keeper : Better for cost, secure sharing, and customer support ($2 per user per month for Starter plan; $3.75

Password Management 103

Password Management Passwords Encryption VPN 103

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday.

Cybercrime 287

Cybercrime Mobile Media Hacking 287