SecureList

NOVEMBER 28, 2024

This is our latest roundup, covering activity we observed during Q3 2024. Earlier in 2024, a secure USB drive was found to be compromised and malicious code was injected into the access management software installed on the USB drive. After that, we did not observe any new activity related to this actor until mid-July 2024.

Malware 117

Malware Government Software Spyware 117

Security Affairs

DECEMBER 16, 2024

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. In February 2024, Serbian journalist Slavia Milanov was summoned to a police station after a routine traffic stop. At this time, the origin of NoviSpy remains unclear. ” continues the report.

Spyware 105

Spyware Surveillance Technology Mobile 105

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. In March 2024, Meta won the litigation against the Israeli spyware vendor, a U.S. ” The U.S.

Spyware 108

Spyware Surveillance Hacking Software 108

Malwarebytes

JANUARY 20, 2025

The name for this method is surveillance pricing, and the FTC has just released initial findings of a report looking into that practice. In July 2024, the FTC requested information from eight companies offering surveillance pricing products and services that incorporate data about consumers characteristics and behavior.

Surveillance 116

Surveillance Artificial Intelligence Consumer Protection Data collection 116

WIRED Threat Level

JANUARY 10, 2025

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.

Surveillance 142

Surveillance 142

Security Affairs

FEBRUARY 2, 2025

WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024. In 2024, its U.S. The hacking campaign targeted 90 users and was disrupted in December, WhatsApp already alerted them of a possible compromise of their devices.

Spyware 108

Spyware Hacking Surveillance Malware 108

Krebs on Security

SEPTEMBER 10, 2024

By far the most curious security weakness Microsoft disclosed today has the snappy name of CVE-2024-43491 , which Microsoft says is a vulnerability that led to the rolling back of fixes for some vulnerabilities affecting “optional components” on certain Windows 10 systems produced in 2015.

Artificial Intelligence 299

Artificial Intelligence Surveillance Internet Internet 299

Security Affairs

JANUARY 27, 2025

Usually, such kinds of vulnerabilities are exploited by nation-state actors or commercial surveillance spyware vendors in targeted attacks. In 2024, Apple addressed six zero-day vulnerabilities in its products. As usual, the company did not share details regarding the attacks exploiting the flaw.

Spyware 119

Spyware Surveillance Media Hacking 119

Malwarebytes

JUNE 19, 2025

Non-profit group Fairplay, which advocates for protecting children from inappropriate technology and brand marketing, launched a campaign protesting child surveillance. Subsequently, investigators found vulnerabilities that would allow intruders to eavesdrop on that audio. Mattel pulled the toy from shelves in 2017.

Surveillance 139

Surveillance Technology Risk Marketing 139

Security Boulevard

JANUARY 20, 2025

Inside the Black Box of Predictive Travel Surveillance Wired Covers the use of powerful surveillance technology in predicting who might be a "threat." Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 welivesecurity (ESET) CVE-2024-7344. A UEFI signed by a Microsoft certificate could bypass Secure Boot.

Surveillance 97

Surveillance Malware Data breaches Scams 97

Penetration Testing

NOVEMBER 4, 2024

A newly identified security vulnerability in ZoneMinder, a popular open-source video surveillance platform, could allow attackers to gain control over SQL databases, compromising data confidentiality and system integrity.

Surveillance 140

Surveillance Cybersecurity 140

Security Affairs

NOVEMBER 16, 2024

Court filing revealed that NSO Group used WhatsApp exploits after the instant messaging firm sued the surveillance company. NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm. from April 29, 2018, to May 10, 2020).

Spyware 117

Spyware Surveillance Malware Hacking 117

Penetration Testing

MARCH 2, 2024

Hikvision, a titan in the surveillance solutions industry, recently addressed two security vulnerabilities affecting its centralized security management platform, HikCentral Professional.

Penetration Testing 142

Penetration Testing Surveillance 142

Security Affairs

FEBRUARY 26, 2025

ThreatFabric researchers first discovered a macOS version of LightSpy spyware in May 2024, the threat has been active in the wild since at least January 2024. Command set modifications and Windows-targeted plugins suggest that operators continue to refine their data collection and surveillance approach across multiple platforms.”

Data collection 104

Data collection Spyware Media Surveillance 104

Security Affairs

APRIL 8, 2025

The company confirmed that the issue was fixed in December 2024 without a client-side update, and no CVE-ID was assigned. The Meta-owned company linked the hacking campaign to Paragon , an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.

Spyware 115

Spyware Surveillance Hacking Media 115

Penetration Testing

MARCH 28, 2024

Security researchers at Synology have released a critical security advisory detailing multiple vulnerabilities in their Surveillance Station software.

Surveillance 117

Surveillance Penetration Testing Software 117

Penetration Testing

JULY 7, 2024

Recently, Synology, a leading network-attached storage (NAS) and surveillance solution provider, has updated its security advisory to detail multiple vulnerabilities in its BC500 and TC500 camera models.

Surveillance 80

Surveillance Cybersecurity 80

Penetration Testing

APRIL 29, 2025

In its latest threat landscape analysis, the Google Threat Intelligence Group (GTIG) reported a continued surge in the The post Google: Zero-Day Exploits Shift from Browsers to Enterprise Security Tools in 2024 appeared first on Daily CyberSecurity.

Cybersecurity 73

Cybersecurity Surveillance 73

Security Affairs

MARCH 21, 2025

Russian intelligence agencies could use these exploits for surveillance and espionage purposes. In September 2024, Ukraines National Coordination Centre for Cybersecurity (NCCC) banned the Telegram messaging app on government agencies, military, and critical infrastructure, due to national security concerns.

Government 144

Government Surveillance Hacking Mobile 144

Malwarebytes

APRIL 11, 2025

The Pall Mall Pact, formally known as the Pall Mall Process, was initiated by France and the United Kingdom in February 2024. The goal of the Pall Mall Pact is to regulate Commercial Cyber Intrusion Capabilities (CCICs), or what we usually refer to as spyware and surveillance tools. Privacy is more than a personal concern.

Spyware 79

Spyware Surveillance Government VPN 79

WIRED Threat Level

JULY 25, 2024

A controversial new surveillance system in Paris foreshadows a future where there are too many CCTV cameras for humans to physically watch.

Surveillance 133

Surveillance 133

Security Affairs

MARCH 20, 2025

CERT-UA’s report states that the UAC-0200 activity has been tracked since summer 2024, with recent decoy messages (since February 2025) focusing on UAVs and electronic warfare. .” reads the report published CERT-UA. CERT-UA published Indicators of Compromise (IoCs) for the ongoing campaign.

Computers and Electronics 107

Computers and Electronics Telecommunications Malware Surveillance 107

Security Affairs

FEBRUARY 13, 2025

The trend of malicious targeting in the drone manufacturing segment increased during Q3-Q4 2024 and continued into Q1 2025. Unmanned Aerial Vehicles (UAVs), commonly known as drones, have become integral to modern military operations, particularly for intelligence, surveillance, and reconnaissance (ISR) missions.

Technology 87

Technology Surveillance Manufacturing Cyber threats 87

Security Affairs

JUNE 24, 2025

The company confirmed that the issue was fixed in December 2024 without a client-side update, and no CVE-ID was assigned. The Meta-owned company linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.

Government 96

Government Spyware Encryption Mobile 96

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a web service and SNMP management interface. ” reads the advisory published by Claroty.

Firmware 69

Firmware IoT Wireless Surveillance 69

Security Affairs

MARCH 19, 2025

The company confirmed that the issue was fixed in December 2024 without a client-side update, and no CVE-ID was assigned. The Meta-owned company linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.

Spyware 95

Spyware Surveillance Hacking Media 95

Security Affairs

AUGUST 29, 2024

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa. using exploits previously used by surveillance software vendors NSO Group and Intellexa.

Surveillance 135

Surveillance Government Encryption Hacking 135

Approachable Cyber Threats

OCTOBER 24, 2024

If your company is going to be processing Controlled Unclassified Information (CUI) and already meets the NIST 800-171 control requirements, there is one way for you to get a head start on your CMMC compliance journey - a Joint Surveillance Voluntary Assessment (JSVA). What is a JSVA?”

Surveillance 97

Surveillance Risk Technology Cybersecurity 97

The Hacker News

MARCH 25, 2024

The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring and Management (RMM) solution called Atera.

Phishing 123

Phishing Surveillance Manufacturing Technology 123

Security Affairs

MARCH 13, 2025

North Korea-linked threat actor ScarCruft (aka APT37 , Reaper, and Group123) is behind a previously undetected Android surveillance tool namedKoSpythat was used to target Korean and English-speaking users. The most recent samples detected by the cybersecurity firm are dated March 2024.

Spyware 78

Spyware Surveillance Encryption Malware 78

Penetration Testing

AUGUST 15, 2024

ZoneMinder, a widely used open-source video surveillance solution, has been found to contain a critical SQL injection vulnerability that could allow attackers to gain unauthorized access to sensitive data and... The post CVE-2024-43360: SQLi Flaw Discovered in Popular Surveillance Software ZoneMinder appeared first on Cybersecurity News. (..)

Surveillance 52

Surveillance Software Cybersecurity 52

Security Affairs

MARCH 3, 2025

Amnesty International first found traces of this Cellebrite USB exploit used in a separate case in mid-2024.” ” In 2024, the Security Lab provided evidence of a Cellebrite zero-day exploit chain to industry partners, leading Google to identify three vulnerabilities. .” Below is the statement published by the company.

Hacking 67

Hacking Spyware Technology Surveillance 67

The Hacker News

JANUARY 25, 2024

The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team.

Cyber threats 87

Cyber threats Surveillance 87

CyberSecurity Insiders

MAY 27, 2021

Microsoft President Brad Smith has issued a warning against the use of Artificial Intelligence technology and said that if the tech remains uncontrolled, and then it can spell doom on mankind by 2024. . The post Microsoft Chief Brad Smith wants AI to be controlled by 2024 appeared first on Cybersecurity Insiders.

Artificial Intelligence 94

Artificial Intelligence Surveillance Government Technology 94

Security Affairs

JANUARY 19, 2025

CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems Russia-linked APT Star Blizzard targets WhatsApp accounts Prominent US law firm Wolf Haldenstein disclosed a data breach Clop Ransomware exploits Cleo File Transfer flaw: dozens (..)

Spyware 69

Spyware DNS Data breaches Firewall 69

Security Affairs

DECEMBER 7, 2024

” In June 2024, Parubets reported to First Department that during a 15-day administrative detention authorities confiscated his Android device. These extended capabilities suggest that the malware aims for comprehensive surveillance of the target device. ” continues the report.

Spyware 125

Spyware Passwords Encryption Surveillance 125

Schneier on Security

MARCH 19, 2024

2: Surveillance Social media’s reliance on advertising as the primary way to monetize websites led to personalization, which led to ever-increasing surveillance. The harder it is for you to switch to a competitor, the more poorly a company can treat you.

Media 351

Media Advertising Surveillance Artificial Intelligence 351