Accountability, Information Security and Surveillance

Apple Guidance on Intimate Partner Surveillance

Adam Shostack

MAY 6, 2021

The document includes checklists, which are available separately: If you want to see if anyone else has access to your device or accounts. Defending against attackers who are both authorized and “interface-bound” is a weird problem for information security, as traditionally defined.

Surveillance

Surveillance Information Security Accountability Technology

White hat hackers gained access more than 150,000 surveillance cameras

Security Affairs

MARCH 10, 2021

A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies like Tesla and Equinox. A group of US hackers claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations.

Surveillance

Surveillance Hacking Banking Firmware

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

Security Affairs

APRIL 17, 2023

The Israeli surveillance firm QuaDream is allegedly shutting down its operations after Citizen Lab and Microsoft uncovered their spyware. Last week Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. and 14.4.2,

Surveillance

Surveillance Spyware Education Media

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity. .

Surveillance

Surveillance Malware Spyware Education

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. The report did not attribute the attacks to a specific threat actor or did not reveal what information was obtained following the compromise of the victims’ devices. .”

Surveillance

Surveillance Software Spyware Hacking

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

Security Affairs

JANUARY 10, 2024

Threat actors hacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish the fake news on the Bitcoin ETF approval. Hackers hijacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish fake news on the Bitcoin ETF approval. ” Gensler wrote.

Accountability

Accountability Hacking Cryptocurrency Surveillance

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. List of installed packages. Call logs and geocoded location associated with the call.

Surveillance

Surveillance Spyware Malware Mobile

Google updates policies to ban any ads for surveillance solutions and services

Security Affairs

JULY 12, 2020

Google announced that starting from August it will update its policies to reject ads proposed by organizations offering surveillance software. The move aims at fighting the advertising of any form of surveillance. The tech giant announced that the update will be effective starting from August 11, 2020. Pierluigi Paganini.

Surveillance

Surveillance Spyware Advertising Marketing

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

.” These searches are legal when conducted for the purpose of foreign surveillance, but the worry about using them domestically is that they are unconstitutionally broad. The very nature of these searches requires mass surveillance. The FBI does not conduct mass surveillance. The FBI does not conduct mass surveillance.

Surveillance

Surveillance Wireless Accountability Architecture

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Spyware

Spyware Surveillance Mobile Education

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported. LNK) files.

Accountability

Accountability Phishing Financial Services Surveillance

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Security Affairs

APRIL 8, 2020

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. According to the NSO CEO, Facebook was interested in improving surveillance capabilities on iOS devices of the Onavo Protect. ” Who will win? Facebook or NSO Group? Pierluigi Paganini.

Surveillance

Surveillance Spyware Advertising Government

One million cracked Poshmark accounts being sold online

Security Affairs

SEPTEMBER 2, 2019

Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground. The company discovered unauthorized access to its servers, the intruders stole personal information of the users, including usernames , hashed passwords, first and last names, gender information, and city of residenc.

Accountability

Accountability Data breaches Passwords Advertising

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City of Dallas revealed that the Royal ransomware gang that hit the city system in May used a stolen account. The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. ” reads the report. ” reads the report.

Ransomware

Ransomware Surveillance Healthcare Accountability

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

The threat actors gathered personal information on minority groups and potential political dissents. “The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” Enable 2FA on all externally exposed accounts.

Media

Media Accountability Telecommunications Government

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Spyware

Spyware Government Surveillance Media

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Security Affairs

NOVEMBER 24, 2021

Apple has filed suit to ban the Israeli surveillance firm NSO Group and parent company Q Cyber Technologies from using its product and services. federal court for illegally targeting its customers with the surveillance spyware Pegasus. Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S.

Spyware

Spyware Surveillance Software Hacking

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. Those of us in the information security community had long assumed that the NSA was doing things like this. Many have written about how being under constant surveillance changes a person.

Surveillance

Surveillance Computers and Electronics Encryption Government

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance

Surveillance Education Media Hacking

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

OCTOBER 11, 2021

The application was in fact a piece of custom Android spyware designed to extract some of the most sensitive and personal information stored on the activist’s phone.” The company denied any involvement in the surveillance campaign attributed to the Donot Team APT. photos, files), and spy on WhatsApp communications. .”

Spyware

Spyware Surveillance Accountability Mobile

Eken camera doorbells allow ill-intentioned individuals to spy on you

Security Affairs

MARCH 3, 2024

Photo: Consumer Reports The security flaws could allow threat actors to view footage from the devices or control them completely. An attacker can exploit the flaws to create an account on the app and gain access to a nearby doorbell camera by pairing it with another device.

Manufacturing

Manufacturing Wireless Retail Surveillance

Monitor Insider Threats but Build Trust First

Security Affairs

JULY 28, 2023

It is not impossible to juggle these contradictory needs, but it may require a more holistic approach to security and a culture of trust within an organization. Surveillance to an extent is expected and accepted in the workplace, but the purpose must be clear, and the process should be suited to the purpose.

Surveillance

Surveillance Threat Detection Software Firewall

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence

Artificial Intelligence Data breaches Scams Insurance

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.”

Surveillance

Surveillance Authentication Telecommunications Manufacturing

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. ”

Hacking

Hacking Ransomware Banking Accountability

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% The post Security Affairs newsletter Round 377 appeared first on Security Affairs. If you want to also receive for free the newsletter with the international press subscribe here.

Spyware

Spyware Manufacturing Small Business Surveillance

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks. ” concludes the alert.

Passwords

Passwords Surveillance Manufacturing Accountability

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire. Access control is the restricting of access to a system.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

Rhythm in the algorithm: digital rights groups call on Spotify to abandon voice recognition invention

SC Magazine

APRIL 9, 2021

A screenshot from a music video of hte Evan Greer song, “Surveillance Capitalism,” which tackles the dangers of commercial surveillance technology. Sometimes fighting the excesses of the creeping surveillance economy is done through position papers, coalition building and lawsuits. Our concern is not ‘Hey patch this up.’

Surveillance

Surveillance Artificial Intelligence Technology Media

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare.

Identity Theft

Identity Theft Computers and Electronics Surveillance Hacking

Cisco addresses three high-severity issues in Webex, IP Cameras and ISE

Security Affairs

OCTOBER 9, 2020

Cisco fixed three high-severity flaws in Webex video conferencing system, Video Surveillance 8000 Series IP Cameras and Identity Services Engine. The most severe of these vulnerabilities is a Remote Code Execution and Denial of Service issue in Cisco’s Video Surveillance 8000 Series IP Cameras. received a CVSS score of 8.8

Surveillance

Surveillance Engineering Advertising Authentication

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

The phishing messages used PDF attachments and in some cases, they included links to file or document hosting services, or to OneDrive accounts hosting the PDF documents. In several cases, SEABORGIUM has been observed using their impersonation accounts to facilitate dialog with specific people of interest.

Phishing

Phishing Accountability Hacking Surveillance

Security Affairs newsletter Round 376 by Pierluigi Paganini

Security Affairs

JULY 31, 2022

Security Affairs newsletter Round 375 by Pierluigi Paganini A database containing data of 5.4 million Twitter accounts available for sale. The post Security Affairs newsletter Round 376 by Pierluigi Paganini appeared first on Security Affairs. and Blackmatter ransomware U.S. Pierluigi Paganini.

Firmware

Firmware Surveillance Malware DDOS

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Security Affairs

SEPTEMBER 27, 2023

“The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. The issue made the headline under another CVEs because it was actively exploited to deploy surveillance spyware, and it was tracked separately as CVE-2023-41064 and CVE-2023-4863. ” reads the advisory.

Spyware

Spyware Surveillance Software Hacking

Android mobile devices from top vendors in China have pre-installed malware

Security Affairs

FEBRUARY 9, 2023

The experts pointed out that also users that leave the country are exposed to surveillance, through the pre-installed software. This malicious software puts users’ privacy at risk, it could be used to spy on users and unmasking of their identities. EU) Android OS distributions from the same OS developers.

Mobile

Mobile Malware Surveillance Spyware

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches

Data breaches Malware Mobile Spyware

Dangerous permissions detected in top Android health apps

Security Affairs

SEPTEMBER 15, 2023

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Here are some of the most dangerous Android app permissions: Location Access: This permission allows apps to track the user’s precise location using GPS and network information.

Accountability

Accountability Mobile Surveillance Information Security

Egypt regularly spies on opponents and activists with mobile apps

Security Affairs

OCTOBER 4, 2019

Researchers at Check Point discovered that Egypt ‘ government has been spying citizens in a sophisticated surveillance program. Researchers at Check Point discovered that the Egyptian government has been spying on activists and opponents as part of a sophisticated surveillance program. SecurityAffairs – Egypt, surveillance).

Mobile

Mobile Surveillance Government Advertising

Google will pay $29.5M to settle two lawsuits over its location tracking practices

Security Affairs

JANUARY 2, 2023

Given the vast level of tracking and surveillance that technology companies can embed into their widely used products, it is only fair that consumers be informed of how important user data, including information about their every move, is gathered, tracked, and utilized by these companies. The IT giant will pay $9.5

Consumer Protection

Consumer Protection Surveillance Data collection Accountability

Alleged Iranian threat actors leak the code of their CodeRAT malware

Security Affairs

SEPTEMBER 4, 2022

The interesting aspect of this investigation is that the researchers were able to identify the developer of CodeRAT who, after being confronted by us, opted to leak the source code of CodeRAT in his public GitHub account. Experts believe that the malware is a surveillance software used by the Iranian government.

Malware

Malware Surveillance Government Hacking

Rampant Kitten ‘s arsenal includes Android malware that bypasses 2FA

Security Affairs

SEPTEMBER 18, 2020

Security researchers from Check Point discovered an Android malware, developed by an Iran-linked group dubbed Rampant Kitten, that is able to bypass 2FA. Rampant Kitten has been active at least since 2014 and was involved in ongoing surveillance operations against Iranian minorities, anti-regime organizations, and resistance movements.

Malware

Malware Phishing Accountability Advertising

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie.

Authentication

Authentication Retail Surveillance Education

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

Pictured: a Dome Series security camera from Verkada. A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., When surveillance leads to spying. Or another video in which Massachusetts police officers were questioning a handcuffed man in custody.

Surveillance

Surveillance IoT Accountability Passwords

Apple Guidance on Intimate Partner Surveillance

White hat hackers gained access more than 150,000 surveillance cameras

Trending Sources

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

Iranian govt uses BouldSpy Android malware for internal surveillance operations

EU officials were targeted with Israeli surveillance software

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Google updates policies to ban any ads for surveillance solutions and services

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Google Responds to Warrants for “About” Searches

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Remcos RAT campaign targets US accounting and tax return preparation firms

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

One million cracked Poshmark accounts being sold online

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Pegasus Project – how governments use Pegasus spyware against journalists

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Snowden Ten Years Later

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Donot Team targets a Togo prominent activist with Indian-made spyware

Eken camera doorbells allow ill-intentioned individuals to spy on you

Monitor Insider Threats but Build Trust First

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

A flaw in Dahua IP Cameras allows full take over of the devices

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Security Affairs newsletter Round 377

FBI warns swatting attacks on owners of smart devices

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

Rhythm in the algorithm: digital rights groups call on Spotify to abandon voice recognition invention

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Cisco addresses three high-severity issues in Webex, IP Cameras and ISE

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs newsletter Round 376 by Pierluigi Paganini

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Android mobile devices from top vendors in China have pre-installed malware

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Dangerous permissions detected in top Android health apps

Egypt regularly spies on opponents and activists with mobile apps

Google will pay $29.5M to settle two lawsuits over its location tracking practices

Alleged Iranian threat actors leak the code of their CodeRAT malware

Rampant Kitten ‘s arsenal includes Android malware that bypasses 2FA

Fortinet warns of a spike in attacks against TBK DVR devices

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Stay Connected