Heimadal Security

FEBRUARY 10, 2023

A new custom-made malware, the Screenshotter, surveils the victims before stealing data. Researchers first spotted the campaign in October 2022, but its activity increased in 2023. The threat actor called TA886 is utilizing this malware to target users from the United States and Germany.

Surveillance 98

Surveillance Malware Cybersecurity 98

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Spyware 131

Spyware Surveillance Software Hacking 131

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” continues the report.

Government 137

Government Surveillance Ransomware Cybercrime 137

Penetration Testing

JULY 7, 2024

Recently, Synology, a leading network-attached storage (NAS) and surveillance solution provider, has updated its security advisory to detail multiple vulnerabilities in its BC500 and TC500 camera models.

Surveillance 80

Surveillance Cybersecurity 80

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack. OmniVision Technologies Inc.

Data breaches 131

Data breaches Ransomware Manufacturing Encryption 131

Security Affairs

FEBRUARY 7, 2023

The stolen documents contain evidence of a dragnet surveillance activity conducted by the intelligence service FSB. According to collecting, Convex company launched a project code-named ‘Green Atom’ that aims to spy on Russian citizens by using surveillance equipment. System for Operative Investigative Activities’ ).

Surveillance 98

Surveillance Internet Internet Government 98

The Last Watchdog

DECEMBER 16, 2024

Hurd Wayne Hurd , VP of Sales, Luminys Video Surveillance as a Service (VSaaS) advancements will provide more accurate threat detection that allows security teams to focus on real risks, minimizing false alarms. Security teams will need to address the unique risks posed using LLMs in mission critical environments.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Penetration Testing

DECEMBER 27, 2023

In a digital landscape increasingly dotted with sophisticated surveillance solutions, the discovery of a critical vulnerability in QNAP’s VioStor Network Video Recorder (NVR) devices serves as a stark reminder of the ever-present cybersecurity risks....

Penetration Testing 97

Penetration Testing Surveillance Risk Cybersecurity 97

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance 98

Surveillance Malware Spyware Accountability 98

Security Affairs

JUNE 7, 2023

June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The June 2023 Android Security Bulletin provides details about the fix for more than fifty vulnerabilities affecting Android devices.

Spyware 98

Spyware Surveillance Firmware Hacking 98

Security Affairs

JULY 19, 2023

government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. Government warns of the key role that surveillance technology plays in surveillance activities that can lead to repression and other human rights abuses. national security or foreign policy interests.

Surveillance 98

Surveillance Spyware Government Technology 98

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Verdict: very limited fulfillment of the prediction ❌ APT predictions for 2023. Here are the developments we think we could be seeing in 2023. What we predicted in 2022.

Firmware 126

Firmware Surveillance Mobile Telecommunications 126

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH. Therefore, we did not issue a certificate.

IoT 136

IoT DDOS Passwords Malware 136

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability. CISA orders federal agencies to fix this flaw by April 20, 2023.

Spyware 98

Spyware Surveillance Mobile Education 98

The Hacker News

FEBRUARY 19, 2024

operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) Their various malware included

Spyware 143

Spyware Surveillance Threat Reports Malware 143

Security Affairs

AUGUST 29, 2024

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa.

Surveillance 133

Surveillance Government Hacking Encryption 133

SecureList

MARCH 13, 2024

The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Nevertheless, iPhone users fearing surveillance should always keep a close eye on their device.

Mobile 107

Mobile Passwords Surveillance Technology 107

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Surveillance software is used to spy on high-risk users, including journalists, human rights defenders, dissidents and opposition party politicians. ” reads the report published by Google.

Spyware 131

Spyware Surveillance Government Software 131

Schneier on Security

MARCH 19, 2024

2: Surveillance Social media’s reliance on advertising as the primary way to monetize websites led to personalization, which led to ever-increasing surveillance. The proliferation of open-source AI development in 2023, successful to an extent that startled corporate players, is proof of this.

Media 354

Media Advertising Surveillance Artificial Intelligence 354

Malwarebytes

JUNE 27, 2023

Chinese-made surveillance cameras find themselves in a spot of controversy, after a BBC investigation uncovered flaws in devices during several brand tests. Surveillance and webcam vulnerabilities are common, and we’ve covered them many times on our blog.

Surveillance 91

Surveillance Small Business Manufacturing Government 91

Security Affairs

NOVEMBER 30, 2023

The first vulnerability, tracked as CVE-2023-42916, is an out-of-bounds read. The second vulnerability, tracked as CVE-2023-42917, is a memory corruption vulnerability. The fact that the issues were discovered by Google TAG suggests they were exploited by a nation-state actor or by a surveillance firm.

Surveillance 136

Surveillance Engineering Hacking Information Security 136

Security Affairs

DECEMBER 6, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 were actively exploited in targeted attacks. CISA orders federal agencies to fix these vulnerabilities by December 26, 2023.

Surveillance 133

Surveillance Hacking Cybersecurity Risk 133

Security Affairs

DECEMBER 12, 2023

The flaw CVE-2023-42898 was discovered by Junsung Lee. Apple also addressed a code execution flaw, tracked as CVE-2023-42890, in the WebKit. Addressed issues include CVE-2023-42916 and CVE-2023-42917 which Apple fixed at the end of November. Successful exploitation of the flaw may lead to arbitrary code execution.

Surveillance 131

Surveillance Hacking Information Security 131

Security Affairs

SEPTEMBER 23, 2023

In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. Between April 7, 2023, and May 4, 2023, Royal performed data exfiltration and ransomware delivery preparation activities. ” The group was able to steal data from the City and leaked approximately 1.169 TB at a time prior to May 03, 2023.

Ransomware 131

Ransomware Surveillance Healthcare Accountability 131

Security Affairs

DECEMBER 20, 2023

Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day. TODAY, 1 day later, Chrome has a fix out to protect users!!!

Surveillance 137

Surveillance Hacking Information Security 137

Security Affairs

SEPTEMBER 27, 2023

— Operation Zero (@opzero_en) September 26, 2023 The Russian company pointed out that the end user for its exploits is a non-NATO country, it also added that decided to increase the payout due to high demand on the market. In the scope: — iOS RCE/LPE/SBX/full chain — From $200,000 up to $20,000,000 (twenty millions).

Mobile 138

Mobile Surveillance Marketing Hacking 138

Malwarebytes

MAY 1, 2025

Government-backed groups and customers of commercial surveillance vendors (that’s sanitized corporate-speak for spyware) were responsible for over half the attacks that the researchers were able to attribute. Spyware continues to be a much bigger factor in zero-day exploits today than it was before 2023.

Spyware 82

Spyware Mobile Technology Government 82

Malwarebytes

MARCH 7, 2024

Predator can turn infected smartphones into surveillance devices. Nelson said: “Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens.”

Spyware 129

Spyware Surveillance Government Mobile 129

Security Affairs

SEPTEMBER 27, 2024

The Tor Project and Tails have merged operations to enhance collaboration and expand training, outreach, and strengthen both organizations’ efforts to protect users globally from digital surveillance and censorship. Together, they offer a comprehensive solution for users facing surveillance or seeking access to the open web.

Surveillance 127

Surveillance Hacking Information Security 127

Security Affairs

SEPTEMBER 14, 2023

A joint investigation conducted by Access Now and the Citizen Lab revealed that the journalist, who is at odds with the Russian government, was infected with the surveillance software. The investigation started on June 22, 2023, after Timchenko received a notification from Apple that state-sponsored attackers may be targeting her iPhone.

Spyware 129

Spyware Surveillance Media Government 129

Security Affairs

JANUARY 3, 2024

Below is the list of the issues added to the catalog: CVE-2023-7024 – The vulnerability is a Heap buffer overflow issue in WebRTC. The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day. At the time of this writing the issue has yet to be addressed.

Surveillance 131

Surveillance Cybersecurity Hacking Risk 131

Security Affairs

DECEMBER 1, 2023

The two issues are: CVE-2023-6345 Google Skia Integer Overflow Vulnerability CVE-2023-49103 ownCloud graphapi Information Disclosure Vulnerability CVE-2023-6345 – The CVE-2023-5217 is a high-severity integer overflow in Skia. CISA orders federal agencies to fix these vulnerabilities by December 21, 2023.

Surveillance 125

Surveillance Software Engineering Passwords 125

Security Affairs

SEPTEMBER 22, 2023

Apple this week released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. CVE-2023-41993 is an arbitrary code execution issue that resides in the Webkit. Apple fixed the flaw with improved checks.

Spyware 125

Spyware Surveillance Mobile Hacking 125

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. The details of the remaining CVEs will be shared in our December 2023 public bulletin.”

Firmware 123

Firmware Surveillance Authentication Manufacturing 123

Security Affairs

JANUARY 29, 2024

In early December, Ukraine’s SBU announced they shut down two surveillance cameras that were allegedly hacked by the Russian intelligence services to spy on air defense forces and critical infrastructure in Kyiv. The surveillance cameras were located in residential buildings and were used to monitor the surrounding area and a parking lot.

Surveillance 135

Surveillance DDOS Mobile Hacking 135

The Hacker News

JANUARY 25, 2024

The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team.

Cyber threats 91

Cyber threats Surveillance 91

Security Affairs

NOVEMBER 18, 2024

Billion), 2023 Meta’s record-breaking fine stems from its failure to safeguard data transfers between the EU and the U.S. government surveillance. Billion ($1.4 After the invalidation of the EU-U.S. This massive fine, the largest ever under GDPR, highlights the need for companies to adapt quickly to regulatory changes.

Data privacy 125

Data privacy Risk Surveillance Government 125