Advertising, Data collection and Hacking

FTC charged Avast with selling users’ browsing data to advertising companies

Security Affairs

FEBRUARY 22, 2024

The US Federal Trade Commission (FTC) has filed charges against cybersecurity firm Avast, accusing it of collecting and selling consumer web browsing data gathered through its browser extension and antivirus services. The antivirus firm is accused of selling the data to advertising companies without user consent.

Advertising

Advertising Antivirus Data collection Mobile

Poland and Lithuania fear that data collected via FaceApp could be misused

Security Affairs

JULY 19, 2019

Many security experts are warning of the risks of using the popular app, threat actors could be potentially interested in data collected by FaceApp. He pointed out that most of the photos collected by the users are deleted from its servers within 48 hours and that is not used for other purposes. Pierluigi Paganini.

Data collection

Data collection Wireless Advertising Risk

Google agreed to settle a $5 billion privacy lawsuit

Security Affairs

DECEMBER 31, 2023

According to the lawsuit, the company utilized its advertising technologies and other methods to collect details of users’ site visits and activities, even when individuals were using “private” browsing mode. The IT giant is accused of having collected an unaccountable trove of information.

Data collection

Data collection Advertising Hacking Technology

Protonmail hacked …. a very strange scam attempt

Security Affairs

NOVEMBER 17, 2018

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail. At the time it is not clear if the hacker belongs to a cyber crime gang, it claims to have stolen a “significant” amounts of data from the company. The ransom demand ( archive.is

Scams

Scams Hacking Data collection Advertising

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation, medical device data collection, and other low-power low-bandwidth needs, designed for small scale projects which need wireless connection. Pierluigi Paganini.

Hacking

Hacking IoT Wireless Firmware

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs

MAY 11, 2019

The extent of the flaw is wide, according to data collected by Krstic during the study, the vulnerabilities could impact up to 10 million people and 30,000 doors at 200 facilities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – buildings, hacking). Pierluigi Paganini.

Hacking

Hacking Advertising Surveillance Data collection

Google Privacy Sandbox promises to protect user privacy online

Security Affairs

FEBRUARY 18, 2022

Google introduces Privacy Sandbox on Android aimed at leading to more private advertising solutions for mobile users. Google announced Privacy Sandbox on Android to limit user data sharing and prevent the use of cross-app identifiers. Google is also committed tp fighting and reducing covert data collection.

Data collection

Data collection Advertising Mobile Technology

Hackers targeted the US Census Bureau network, DHS report warns

Security Affairs

OCTOBER 11, 2020

Data collected by the agency is used by the federal government to allocate over $675 billion in federal funds to tribal, local, and state governments every year. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Government

Government Advertising Data collection Hacking

TheTruthSpy stalkerware, still insecure, still leaking data

Malwarebytes

FEBRUARY 13, 2024

The publications described the bug as “extremely easy to exploit, and grants unfettered remote access to all of the data collected from a victim’s Android device.”

Spyware

Spyware Data collection Malware Hacking

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Security Affairs

FEBRUARY 28, 2020

Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as Idlib military crisis escalates. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Media

Media Data collection Internet Internet

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

SEPTEMBER 14, 2020

Data collected by the researchers are very interesting and very useful for future research projects on the security of the critical infrastructure. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Advertising Data collection Healthcare

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

Axe was advertising the Trojan as the result of over five years of work, a total of 15k ~ hours were spent for the development of the malicious code. Data collected by the malware are then transferred to the operator’s command-and-control (C2) server. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Advertising Malware Cybercrime

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

Security Affairs

JULY 30, 2020

“The data collected from the target machine could be useful in classifying the value of the target. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, North Korea). ” states the report published by the experts. Pierluigi Paganini.

Advertising

Advertising Data collection Malware Phishing

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The collected data is sent to the C2 server every two days, but the cycle depends on the remote configuration.

Data collection

Data collection Mobile Malware Education

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Aleksandr Brovko).

Accountability

Accountability Banking Advertising Data collection

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

net available at the Wayback Machine shows that in 2016 this domain was used for the “ ExE Bucks ” affiliate program, a pay-per-install business which catered to people already running large collections of hacked computers or compromised websites. A cached copy of flashupdate[.]net in the British Virgin Islands.

VPN

VPN Computers and Electronics Antivirus Software

Stealc, a new advanced infostealer appears in the threat landscape

Security Affairs

FEBRUARY 20, 2023

discovered a new information stealer, dubbed Stealc, which was advertised in the dark web forums. Unlike other stealers, Stealc implements a customizable data collection configuration and supports a customisable file grabber. In January 2023, researchers at SEKOIA.IO The most recent variant observed by the experts is v1.3.0,

Malware

Malware Cryptocurrency Advertising Data collection

Google to Pay a record $391M fine for misleading users about the collection of location data

Security Affairs

NOVEMBER 15, 2022

According to the article, there are two settings responsible for the location data collection, the “Location History” and “Web & App Activity” The former is “off” by default while the latter is automatically enabled when users set up a Google account, including all Android users. Pierluigi Paganini.

Consumer Protection

Consumer Protection Accountability Data collection Advertising

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

Thirteen exchanges were hacked in 2017 and in the first three quarters of 2018, amounting to a total loss of $877 million. GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cybercrime

Cybercrime Hacking Banking Phishing

Google will pay $29.5M to settle two lawsuits over its location tracking practices

Security Affairs

JANUARY 2, 2023

According to the article, there are two settings responsible for the location data collection, the “Location History” and “Web & App Activity”. Location data represent the core of the digital advertising business of the IT giant. SecurityAffairs – hacking, privacy). Pierluigi Paganini.

Consumer Protection

Consumer Protection Surveillance Data collection Accountability

EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web

Security Affairs

SEPTEMBER 5, 2022

Resecurity researchers discovered a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised on the Dark Web. Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Pierluigi Paganini.

Phishing

Phishing Accountability Hacking Advertising

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

AUGUST 26, 2020

Ngo got his treasure trove of consumer data by hacking and social engineering his way into a string of major data brokers. By the time the Secret Service caught up with him in 2013, he’d made over $3 million selling fullz data to identity thieves and organized crime rings operating throughout the United States.

Identity Theft

Identity Theft Computers and Electronics Hacking Accountability

Influence Tactics in Marketing and Sales

Security Through Education

JANUARY 26, 2022

According to Rob Sanders , digital marketing expert, social media platforms supply marketers with a vast amount of data to know what content is working and what isn’t. Marketers utilize aggregate data , collected from online purchases and website visits, alongside social engineering to keep you purchasing, downloading, and revisiting.

Marketing

Marketing Social Engineering Engineering Advertising

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

percent of all the data collected, followed by TP-Link that accounted for 9.07%. The Chimay Red hacking tool leverages 2 exploits, the Winbox Any Directory File Read (CVE-2018-14847) and Webfig Remote Code Execution Vulnerability. Let me suggest to read to read the report , is full of interesting data. Pierluigi Paganini.

IoT

IoT Passwords Malware Advertising

Android Apps containing Clicker Trojan installed on over 100M devices

Security Affairs

AUGUST 10, 2019

Data collected by the malware include manufacturer and model, OS version, country of residence of the user, the default language of the system, user agent identifier, name of mobile operator, type of internet connection, screen options, time zone, and information about the tainted application containing the Trojan. Pierluigi Paganini.

Mobile

Mobile Advertising Malware Data collection

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Security Affairs

JUNE 21, 2019

Experts at Symantec observed in the last eighteen months at least three distinct campaigns, each using a different set of hacking tools. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Turla, hacking).

Government

Government Advertising Hacking Data collection

Phishers migrate to Telegram

Security Affairs

APRIL 6, 2023

The creators of phishing bots and kits can get access to data that is gathered with their tools. “To attract larger audiences, scam operators advertise their services, promising to teach others how to phish for serious cash.” User personal data for sale. ” reads the post published by Kaspersky.

Phishing

Phishing Scams Social Engineering Banking

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Data provided in the reports are disconcerting, British telecommunications firms supported GCHQ in collecting a large volume of internet data from undersea cables, the overall amount of information from 2007 to 2012 registered a 7,000-fold increase, meanwhile, the spying system monitored nearly 46 billion private communications “events” every day.

Wireless

Wireless Surveillance Telecommunications Advertising

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Spyware

Spyware Mobile Advertising Software

XKCD forum data breach impacted 562,000 subscribers

Security Affairs

SEPTEMBER 3, 2019

The data breach impacted 562,000 subscribers, the forum has been taken offline after the incident. We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches Passwords Advertising Data collection

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Krebs on Security

MAY 2, 2023

The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016. Ditto for a case the FTC brought in 2005. org back in 2014.

Marketing

Marketing Advertising Scams Telecommunications

USB drives are primary vector for destructive threats to industrial facilities

Security Affairs

NOVEMBER 5, 2018

Experts from Honeywell analyzed data collected with the Secure Media Exchange (SMX) , a product it has launched in 2017 and that was designed to protect industrial facilities from USB-borne threats. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware IoT Advertising Data collection

Getting Started: A Beginner’s Guide for Improving Privacy

Security Boulevard

JANUARY 16, 2024

Privacy-oriented browsers also limit data collection and "phoning home" and telemetry activity on their backend (in this specific case, I am using "backend" to refer to the side where users don't necessarily directly interact with the browser), preserving your privacy as a user.

Accountability

Accountability Engineering Passwords Internet

IBM experts warn of malicious abuses of Apple Siri Shortcuts

Security Affairs

FEBRUARY 2, 2019

Attackers can also automate data collection from the device (user’s current physical address, IP address, contents of the clipboard, stored pictures/videos, contact information and more) and send them to the victims to scare them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Social Engineering

Social Engineering Advertising Hacking Data collection

Google Chronicle announced Backstory to protect businesses

Security Affairs

MARCH 5, 2019

Companies could use this data to quickly detect malicious activities. Backstory aims at detecting patterns of malicious activities, it also compares data against “threat intelligence” data collected from other sources and partners (i.e. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Cyber threats Advertising Data collection

Number of hacktivist attacks declined by 95 percent since 2015

Security Affairs

MAY 18, 2019

Even if in Italy the cells of the popular Anonymous collective are very active , the overall number of hacktivist attacks that caused in quantifiable damage to the victim has declined by 95 percent since 2015. Researchers analyzed data collected by IBM’s X-Force threat intelligence unit between 2015 and 2019. Pierluigi Paganini.

Advertising

Advertising Data collection DDOS Healthcare

Security Affairs - Untitled Article

Security Affairs

OCTOBER 30, 2019

Attached pic is data collection from #KKNPP #Dtrack malware (a few other bits not pictured). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – KNPP, hacking). Pierluigi Paganini.

Malware

Malware Cyber Attacks Advertising Data collection

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

CERT-GIB’s report is based on data collected and analyzed by the Threat Detection System (TDS) Polygon as part of operations to prevent and detect threats distributed online in H1 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, ransomware).

Phishing

Phishing Ransomware Spyware Banking

Apple Mail stores parts of encrypted emails in plaintext DB

Security Affairs

NOVEMBER 10, 2019

” Gendler explained that Siri uses a process named “ suggestd ” to collect contact information from various apps. Data collected by the process are stored in the snippets. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – encryption, hacking).

Encryption

Encryption Advertising Data collection Hacking

Security experts disclosed Wyze data leak

Security Affairs

DECEMBER 29, 2019

.” Song pointed out that several of the things reported by Twelve are not true, for example he denied that Wyze sends data to Alibaba Cloud in China. Song also added that Wyze only collected health data from 140 users who were beta-testing a new smart scale product, the claims of a massive data collection were fake.

IoT

IoT Accountability Advertising Wireless

How to Secure Your Business Social Media Accounts

BH Consulting

AUGUST 31, 2023

billion people are on social media , and businesses have come to rely on these channels in their everyday operations as a form of advertising, recruiting and more. The company’s data also claims that 64 per cent of companies have experienced social media-related incidents like hacking and fraud. More than 4.7

Media

Media Accountability Authentication Passwords

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

DECEMBER 19, 2018

The Go variant of Zebrocy initially starts collecting info on the compromised system, then sends it to the command and control server. The data collected by the malware includes a list of running processes, information gathered via the ” systeminfo ” command, local disk information, and a screenshot of the desktop.

Malware

Malware Advertising Data collection Phishing

Two hacker groups attacked Russian banks posing as the Central Bank of Russia

Security Affairs

NOVEMBER 15, 2018

The group also carries out attacks through intermediaries by hacking banks’ partners, IT companies, and financial product providers. GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC. years of silent operations”. Pierluigi Paganini.

Banking

Banking Computers and Electronics Phishing Cybercrime

How to Help Protect Your Digital Footprint

Identity IQ

JANUARY 24, 2024

Protecting your digital footprint can help you keep your personal information and online activities private, which can be important for helping prevent identity theft , avoid targeted advertising, and maintain control over your online reputation. Dormant accounts make you more vulnerable to potential hacks, exposing your personal information.

Identity Theft

Identity Theft Education Media Accountability

FTC charged Avast with selling users’ browsing data to advertising companies

Poland and Lithuania fear that data collected via FaceApp could be misused

Trending Sources

Google agreed to settle a $5 billion privacy lawsuit

Protonmail hacked …. a very strange scam attempt

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Over 100 flaws in management and access control systems expose buildings to hack

Google Privacy Sandbox promises to protect user privacy online

Hackers targeted the US Census Bureau network, DHS report warns

TheTruthSpy stalkerware, still insecure, still leaking data

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

CIRWA Project tracks ransomware attacks on critical infrastructure

Silent Night Zeus botnet available for sale in underground forums

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

New Android malicious library Goldoson found in 60 apps +100M downloads

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

A Deep Dive Into the Residential Proxy Service ‘911’

Stealc, a new advanced infostealer appears in the threat landscape

Google to Pay a record $391M fine for misleading users about the collection of location data

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Google will pay $29.5M to settle two lawsuits over its location tracking practices

EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web

Confessions of an ID Theft Kingpin, Part I

Influence Tactics in Marketing and Sales

Evolution of threat landscape for IoT devices – H1 2018

Android Apps containing Clicker Trojan installed on over 100M devices

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Phishers migrate to Telegram

Russian spies are attempting to tap transatlantic undersea cables

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

XKCD forum data breach impacted 562,000 subscribers

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

USB drives are primary vector for destructive threats to industrial facilities

Getting Started: A Beginner’s Guide for Improving Privacy

IBM experts warn of malicious abuses of Apple Siri Shortcuts

Google Chronicle announced Backstory to protect businesses

Number of hacktivist attacks declined by 95 percent since 2015

Security Affairs - Untitled Article

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Apple Mail stores parts of encrypted emails in plaintext DB

Security experts disclosed Wyze data leak

How to Secure Your Business Social Media Accounts

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Two hacker groups attacked Russian banks posing as the Central Bank of Russia

How to Help Protect Your Digital Footprint

Stay Connected