Accountability, Hacking, Mobile and Surveillance

SEC X account hacked to hawk crypto-scams

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted. You’re all set.

Accountability

Accountability Scams Hacking Cryptocurrency

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. SecurityAffairs – hacking, RCS Labs). ” reads the report published by Google.

Surveillance

Surveillance Mobile Spyware Telecommunications

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. 26 email reviewed by Reuters, a senior tech staffer sent a message to colleagues with background about Israeli hacking tools and a request to be on the lookout for additional warnings from Apple.”

Surveillance

Surveillance Software Spyware Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. List of installed packages. Call logs and geocoded location associated with the call.

Surveillance

Surveillance Spyware Malware Mobile

Hanging Up on Mobile in the Name of Security

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. On June 11, 2017, Terpin’s phone went dead.

Mobile

Mobile Cryptocurrency Accountability Authentication

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Spyware

Spyware Surveillance Mobile Education

Android mobile devices from top vendors in China have pre-installed malware

Security Affairs

FEBRUARY 9, 2023

Researchers reported that the top-of-the-line Android mobile devices sold in China are shipped with malware. The smartphones analyzed by the r researchers were observed sending data to the device vendor and the Chinese mobile network operators (e.g., EU) Android OS distributions from the same OS developers.

Mobile

Mobile Malware Surveillance Spyware

China Says U.S. Hacking Huawei Since 2009

SecureWorld News

SEPTEMBER 28, 2023

In a tale as old as the computer, China has once again pointed fingers at the United States, accusing it of hacking into one of its technology companies. RELATED: 8 Steps Huawei Took to Steal IP from T-Mobile and Cover It Up ] The timing of these accusations holds significant weight, as both China and the U.S.

Hacking

Hacking Artificial Intelligence Telecommunications Cyber Attacks

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Security Affairs

APRIL 8, 2020

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. According to the NSO CEO, Facebook was interested in improving surveillance capabilities on iOS devices of the Onavo Protect. ” Who will win? Facebook or NSO Group? Pierluigi Paganini.

Surveillance

Surveillance Spyware Advertising Government

Eken camera doorbells allow ill-intentioned individuals to spy on you

Security Affairs

MARCH 3, 2024

An attacker can exploit the flaws to create an account on the app and gain access to a nearby doorbell camera by pairing it with another device. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, camera doorbells)

Manufacturing

Manufacturing Wireless Retail Surveillance

Egypt regularly spies on opponents and activists with mobile apps

Security Affairs

OCTOBER 4, 2019

Researchers at Check Point discovered that Egypt ‘ government has been spying citizens in a sophisticated surveillance program. Researchers at Check Point discovered that the Egyptian government has been spying on activists and opponents as part of a sophisticated surveillance program. SecurityAffairs – Egypt, surveillance).

Mobile

Mobile Surveillance Government Advertising

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. co saying he could be hired to perform fake EDRs on targets at will, provided the account was recently active.

Government

Government Accountability Education Media

60,000 Androids have stalkerware-type app Spyhide installed

Malwarebytes

JULY 25, 2023

.” By definition, stalkerware are tools – software programs, apps and devices – that enable someone to secretly spy on another person’s private life via their mobile device. Many stalkerware applications market themselves as parental monitoring tools, but they can be and often are used to stalk and spy on a person.

Surveillance

Surveillance Mobile Marketing Government

Florida Man Arrested in SIM Swap Conspiracy

Krebs on Security

AUGUST 7, 2018

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

Mobile

Mobile Cryptocurrency Scams Computers and Electronics

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Spyware

Spyware Government Surveillance Media

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks. ” concludes the alert.

Passwords

Passwords Surveillance Manufacturing Accountability

Sextortion campaign uses Goontact spyware to target Android and iOS users

Security Affairs

DECEMBER 16, 2020

“The spyware, which we have named Goontact, targets users of illicit sites, typically offering escort services, and steals personal information from their mobile device.” These sites advertise account IDs for secure messaging apps such as KakaoTalk or Telegram that could allow to communicate with the escorts.

Spyware

Spyware Mobile Surveillance Malware

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

OCTOBER 11, 2021

A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs. The company denied any involvement in the surveillance campaign attributed to the Donot Team APT. SecurityAffairs – hacking, Donot Team APT). photos, files), and spy on WhatsApp communications. .”

Spyware

Spyware Surveillance Accountability Mobile

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches

Data breaches Malware Mobile Spyware

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking

Banking Passwords Risk Password Management

Understanding and Recognizing Tech Abuse

SecureWorld News

AUGUST 16, 2023

It encompasses various forms of cybercrime and online harm, including cyberstalking, tracking, hacking accounts and intimate image abuse. A common example of this is surveillance. Still, it might not be seen that way due to the normalization of surveillance and the narrative that 'surveillance is love'.

Surveillance

Surveillance Technology Accountability Spyware

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

eSecurity Planet

JULY 21, 2021

Amnesty International and Forbidden Stories – a Paris-based nonprofit media group that works with journalists – said earlier this week that users of the Israeli-developed spyware were able to hack into iPhone 11 and iPhone 12 devices, as well as Android devices, of tens of thousands of people – including a number of world leaders.

Spyware

Spyware Mobile Government Surveillance

Rampant Kitten ‘s arsenal includes Android malware that bypasses 2FA

Security Affairs

SEPTEMBER 18, 2020

Rampant Kitten has been active at least since 2014 and was involved in ongoing surveillance operations against Iranian minorities, anti-regime organizations, and resistance movements. SecurityAffairs – hacking, Rampant Kitten). If the victim had 2FA enabled, the malware is also able to intercept 2FA SMS and send them to the attackers.

Malware

Malware Phishing Accountability Advertising

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Adam Levin

APRIL 8, 2019

A week after it landed with a curious (and most likely spurious) thud, Zuckerberg’s announcement about a new tack on consumer privacy still has the feel of an unexpected message from some parallel universe where surveillance (commercial and/or spycraft) isn’t the new normal. This article originally appeared on Inc.com.

Hacking

Hacking Data privacy Artificial Intelligence System Administration

Dangerous permissions detected in top Android health apps

Security Affairs

SEPTEMBER 15, 2023

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. The Android challenge In the digital age, mobile applications have become an integral part of our lives, transforming the way we communicate, work, and entertain ourselves. Cybernews has the story.

Accountability

Accountability Mobile Surveillance Information Security

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Security Affairs

JULY 25, 2019

Researchers at Lookout discovered a new mobile spyware dubbed Monokle that was developed by a Russian defense contractor. Experts at Lookout discovered a new Android mobile spyware in the wild, dubbed Monokle, that was developed by a Russian defense contractor named Special Technology Centre Ltd. ( Pierluigi Paganini.

Spyware

Spyware Surveillance Mobile Advertising

The Zero Click, Zero Day iMessage Attack Against Journalists

SecureWorld News

DECEMBER 23, 2020

Earlier this year, 36 journalists, producers, anchors, and executives at Al Jazeera had their personal phones hacked. Their phones were hacked through the use of an exploit chain known as KISMET, an invisible zero-click exploit in iMessage. and could hack the Apple iPhone 11.

Spyware

Spyware Surveillance Hacking Media

Bouncing Golf cyberespionage campaign targets Android users in Middle East

Security Affairs

JUNE 19, 2019

The researchers speculate on a possible connection to Domestic Kitten espionage activities, an extensive surveillance operation conducted by Iranian APT actor aimed at specific groups of individuals since 2016. Once the malware is executed, it generates a unique ID and then collects targeted data and writes it to a file on the mobile device.

Mobile

Mobile Malware Advertising Encryption

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Security Affairs

FEBRUARY 22, 2021

In response to the malicious activity, the company permanently banned the account used by the attacker and deployed new “safeguards” to prevent similar attacks in the future, but ClubHouse was not able to ensure that it will not happen again. Lets talk about the Clubhouse 'hack' which wasn't. ” reported Bloomberg.

CSO

CSO Internet Internet Surveillance

Security Affairs newsletter Round 229 – News of the week

Security Affairs

SEPTEMBER 1, 2019

Experts uncovered a hacking campaign targeting several WordPress Plugins. White hat hacker demonstrated how to hack a million Instagram accounts. A new variant of Trickbot banking Trojan targets Verizon, T-Mobile, and Sprint users. Expert found Russias SORM surveillance equipment leaking user data.

eCommerce

eCommerce Data breaches Malware Advertising

The state of stalkerware in 2020

SecureList

FEBRUARY 26, 2021

In total, 53,870 of our mobile users were affected globally by stalkerware in 2020. The Coalition Against Stalkerware warns that stalkerware “may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.” The risks of stalkerware can go beyond the online sphere and enter the physical world.

Mobile

Mobile Surveillance Software Passwords

Proton Technologies makes the code of ProtonMail iOS App open source

Security Affairs

NOVEMBER 2, 2019

Recently the cybersecurity firm SEC Consult reviewed the source code of the ProtonMail iOS App and found seven low-risk vulnerabilities in the popular mobile mail client. “During the initial code review, SEC Consult found seven low-risk vulnerabilities in the reviewed source code and the mobile app.”

Technology

Technology Mobile Advertising Surveillance

How Do You Protect Yourself from Credit Card Skimmers?

Identity IQ

OCTOBER 17, 2022

Little to no surveillance over each point-of-sale device at the pump can allow thieves to set these devices up in plain sight. Although not as common, being hacked from using your credit card chip is still a possibility. Another alternative can be to use your mobile wallet.

Identity Theft

Identity Theft Banking Scams Retail

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

IoT-enabled scams and hacks quickly ramped up to a high level – and can be expected to accelerate through 2021 and beyond. Hacking collectives are very proficient at “exploiting weak authentication schemes to gain persistence inside of a targeted network,” Sherman says. In response, threat actors are hustling to take full advantage.

IoT

IoT Healthcare Internet Internet

Pegasus?—?The Humanitarian Costs of Insecure Code

Security Boulevard

SEPTEMBER 30, 2021

Pegasus is an advanced spyware that exploits vulnerable mobile apps to gain a foothold on iPhone and Android devices. Pegasus is the creation of the NSO Group , an Israeli firm that licenses it to governments to perform surveillance. Pegasus is deployed to directly monitor the individual, not steal their account privileges.

Spyware

Spyware Government Surveillance Mobile

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

The Signaling System 7 , aka SS7 , which is a set of protocols developed in 1975 that allows the connections of one mobile phone network to another. “We are aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA).”

Banking

Banking Telecommunications Authentication Advertising

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

According to Stone, the CVE-2019-2215 vulnerability was being used or sold by the controversial surveillance firm NSO Group , it was exploited by its surveillance software Pegasus. SecurityAffairs – Android, hacking). In October, Google released the October 2019 set of Android fixes that addressed the flaw.

Surveillance

Surveillance Advertising Marketing Encryption

Pegasus spyware has been here for years. We must stop ignoring it

Malwarebytes

JULY 22, 2021

When weaponized by authoritarian governments, surveillance chills free speech, scares away dissent, and robs an innocent public of a life lived unwatched, for no crime committed other than speaking truth to power, conducting public health research, or simply loving another person. They have no shame. They must be brought to justice.”.

Spyware

Spyware Surveillance Mobile Government

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Security Affairs

APRIL 12, 2023

At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. ” concludes Citizen Lab.

Spyware

Spyware Surveillance Government Malware

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

The Signaling System 7 , aka SS7 , which is a set of protocols developed in 1975 that allows the connections of one mobile phone network to another. “We are aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA).”

Banking

Banking Telecommunications Authentication Advertising

Attack of drones: airborne cybersecurity nightmare

Security Affairs

DECEMBER 2, 2022

Naturally, threat actors follow the trend and exploit the technology for surveillance, payload delivery, kinetic operations, and even diversion. Let’s dive into some examples of how enterprises must account for external drones entering their airspace and cyber threats to drones operated by the enterprise. Market overview. Dronesploit.

Cybersecurity

Cybersecurity Wireless Computers and Electronics Penetration Testing

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Security Affairs

DECEMBER 4, 2022

Recently security the security expert researcher Sam Curry warned of vulnerabilities in mobile apps that exposed Hyundai and Genesis car models after 2012 to remote attacks. ” Privacy advocates are raising the alarm on surveillance activities operated by law enforcement by collecting data from connected systems in modern cars.

Surveillance

Surveillance Technology Mobile Hacking

7 Cyber Security Courses Online For Everybody

Spinone

NOVEMBER 21, 2019

In case you want to train your employees, you may need to use a company account to be able to set scheduled lessons for your staff. to $199 for business accounts. There are two types to choose from: an individual account and a company account. But it works only for individual users.

Social Engineering

Social Engineering Accountability Phishing Cybersecurity

NSO Group spyware used to compromise iPhones of 9 US State Dept officials

Security Affairs

DECEMBER 3, 2021

Apple warns that the mobile devices of at least nine US Department of State employees were compromised with NSO Group ‘s Pegasus spyware. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter.”

Spyware

Spyware Surveillance Hacking Software

SEC X account hacked to hawk crypto-scams

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Webinars

Trending Sources

EU officials were targeted with Israeli surveillance software

Webinars

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Hanging Up on Mobile in the Name of Security

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Android mobile devices from top vendors in China have pre-installed malware

China Says U.S. Hacking Huawei Since 2009

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Eken camera doorbells allow ill-intentioned individuals to spy on you

Egypt regularly spies on opponents and activists with mobile apps

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

60,000 Androids have stalkerware-type app Spyhide installed

Florida Man Arrested in SIM Swap Conspiracy

Pegasus Project – how governments use Pegasus spyware against journalists

FBI warns swatting attacks on owners of smart devices

Sextortion campaign uses Goontact spyware to target Android and iOS users

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

The Risk of Weak Online Banking Passwords

Understanding and Recognizing Tech Abuse

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

Rampant Kitten ‘s arsenal includes Android malware that bypasses 2FA

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Dangerous permissions detected in top Android health apps

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

The Zero Click, Zero Day iMessage Attack Against Journalists

Bouncing Golf cyberespionage campaign targets Android users in Middle East

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Security Affairs newsletter Round 229 – News of the week

The state of stalkerware in 2020

Proton Technologies makes the code of ProtonMail iOS App open source

How Do You Protect Yourself from Credit Card Skimmers?

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Pegasus?—?The Humanitarian Costs of Insecure Code

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Pegasus spyware has been here for years. We must stop ignoring it

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Attack of drones: airborne cybersecurity nightmare

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

7 Cyber Security Courses Online For Everybody

NSO Group spyware used to compromise iPhones of 9 US State Dept officials

Stay Connected