Blog, Information Security and Surveillance

How to Prepare for ISO 27001 Stage 1 and Stage 2 Audits: Expert Tips

Centraleyes

JUNE 16, 2025

ISO 27001 is the international standard for Information Security Management Systems (ISMS). Achieving ISO 27001 certification demonstrates that your organization is committed to protecting sensitive data and managing risks related to information security.

Risk

Risk Information Security Surveillance

The Ultimate ISO 27001 Checklist: Step-by-Step Guide to Simplify Your Compliance Journey

Centraleyes

MAY 5, 2025

This guide offers a comprehensive, step-by-step breakdown of the process, providing the depth and clarity youre looking for to build a rock-solid Information Security Management System (ISMS). ISO 27001 is a globally recognized standard for managing information security. What is ISO 27001? Why is ISO 27001 Important?

Risk

Risk Information Security Firewall Education

ISO 42001 Certification: Step-by-Step Guide to Achieve

Centraleyes

JULY 3, 2025

ISO/IEC 42001 complements other recognized standards such as ISO/IEC 27001 (information security), ISO/IEC 27701 (privacy) , and ISO 31000 (risk management), providing a cohesive approach to governing AI alongside existing enterprise management systems. Full recertification is required every three years.

Government

Government Risk Accountability Artificial Intelligence

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Earlier this month, German authorities have raided the offices of FinFisher, the German surveillance software firm, accused of providing its software to oppressive regimes. The company denied accusations and sued the German blog and requested the removal of the article on the case. Pierluigi Paganini.

Surveillance

Surveillance Spyware Software Advertising

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

Security Affairs

APRIL 17, 2023

The Israeli surveillance firm QuaDream is allegedly shutting down its operations after Citizen Lab and Microsoft uncovered their spyware. Last week Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. and 14.4.2,

Surveillance

Surveillance Spyware Education Media

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. The report did not attribute the attacks to a specific threat actor or did not reveal what information was obtained following the compromise of the victims’ devices. .”

Surveillance

Surveillance Software Spyware Hacking

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Security Affairs

APRIL 12, 2023

At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. ” concludes Citizen Lab.

Spyware

Spyware Surveillance Government Malware

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity. .

Surveillance

Surveillance Malware Spyware Accountability

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Spyware

Spyware Surveillance Telecommunications Mobile

Anomaly Six, a US surveillance firm that tracks roughly 3 billion devices in real-time

Security Affairs

APRIL 26, 2022

An interesting article published by The Intercept reveals the secretive business of a US surveillance firm named Anomaly Six. While Russia was invading Ukraine in February, two unknown surveillance startups, Anomaly Six and Zignal Labs joined forces to provide powerful surveillance services.

Surveillance

Surveillance Mobile Government Media

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Spyware

Spyware Surveillance Mobile Education

Cytrox’s Predator spyware used zero-day exploits in 3 campaigns

Security Affairs

MAY 23, 2022

We assess the exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different govt-backed actors. The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox. link] — Shane Huntley (@ShaneHuntley) May 19, 2022.

Spyware

Spyware Surveillance Government Banking

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

Security Affairs

OCTOBER 30, 2019

WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists. WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. The lawsuit filed by WhatsApp in U.S.

Surveillance

Surveillance Technology Spyware Mobile

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

As a result, The majority of businesses (55 percent) are using some sort of a tool to monitor for insider threats; including data leak prevention (DLP) software (54 percent), user behavior analytics (UBA) software (50 percent), and employee monitoring and surveillance (47 percent). Yes, they are cheap to apply. They can be dynamic.

Marketing

Marketing Software Surveillance Information Security

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire. Access control is the restricting of access to a system.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. This time, the Cybernews research team found 3.5

Surveillance

Surveillance Manufacturing Internet Passwords

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance

Surveillance Education Media Hacking

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Security Affairs

APRIL 19, 2022

63 of them were targeted or infected with the Pegasus spyware, and four others with the spyware developed by another surveillance firm named Candiru. The researchers reported that at least two of them were targeted or infected with both surveillance software. To nominate, please visit:? Pierluigi Paganini.

Spyware

Spyware Surveillance Government Software

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware.

Surveillance

Surveillance Spyware Risk Education

Expert discloses details of 3 Tor zero-day flaws … new ones to come

Security Affairs

JULY 30, 2020

The researcher operates multiple Tor nodes, last week he published a blog post that describes how internet service providers and organizations could stop Tor connections. “In this blog entry, I’m going to disclose methods to identify Tor bridge network traffic. As it turns out, this packet signature is not theoretical.”

Advertising

Advertising Surveillance Hacking Internet

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

In 2015, the hacker who breached the systems of the Italian surveillance firm Hacking Team leaked a 400GB package containing hacking tools and exploits codes. “The attacks described in this blog post demonstrate the length an actor can go in order to gain the highest level of persistence on a victim machine.

Firmware

Firmware Spyware Surveillance Hacking

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

SEPTEMBER 19, 2021

In 2019, the Reuter agencies published a report that detailed the activity of “a secret hacking team of American mercenaries” that joined Project Raven as part of a clandestine team of experts that helped the United Arab Emirates in conducting a surveillance program and conducting hit-and-run hacking operations. ” reads the response.

Surveillance

Surveillance VPN Hacking Cybersecurity

Anonymous hacked other Russian organizations, some of the breaches could be severe

Security Affairs

APRIL 20, 2022

Synesis Surveillance System – Anonymous claims to have hacked the Synesis and Kipod surveillance systems. , the Main Directorate for the Arrangement of Troops with 49% and 51% shares, respectively. Anonymous claims to have stolen 15,600 emails and leaked an archive of 9.5 GB in size. To nominate, please visit:?

Hacking

Hacking Banking Surveillance Engineering

QNAP fixes multiple flaws, including a QVR RCE vulnerability

Security Affairs

MAY 6, 2022

QNAP addressed multiple vulnerabilities, including a critical remote execution flaw affecting the QVR video surveillance solution. QNAP QVR is a video surveillance solution of the Taiwanese vendor which is hosted on its NAS devices and doesn’t require any extra software. To nominate, please visit:? Pierluigi Paganini.

Surveillance

Surveillance Hacking Software Cybersecurity

A consumer-grade spyware app found in check-in systems of 3 US hotels

Security Affairs

MAY 22, 2024

Daigle discovered the commercial surveillance software on the hotel check-in systems while investigating consumer-grade spyware (aka stalkerware ). He shared limited details about the screenshot bug in a blog post, intentionally omitting specifics to prevent malicious exploitation.

Spyware

Spyware Surveillance Software Hacking

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

ISO is responsible for issuing internationally-accepted standards for (seemingly) everything, from a standard for brewing tea (3103:2019) to ski boots (5355:2005) to the two-letter country code that can form a country’s domain address (3166) to standards for information security. What is ISO 27001:2013, 27017:2015 and 27018:2019?

Manufacturing

Manufacturing Surveillance CISO Information Security

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site

Security Affairs

JUNE 10, 2022

The attack impacted the municipal police, surveillance cameras and ZTL traffic control systems, the authorities confirmed that the problems can last for days. “An order of priority was then drawn up for the reactivation of the services and platforms that are ordinarily managed through the information systems. Pierluigi Paganini.

Ransomware

Ransomware Data breaches Cyber Attacks Surveillance

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

Remcos is a legitimate remote monitoring and surveillance software developed by the company BreakingSecurity. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported.

Accountability

Accountability Phishing Financial Services Surveillance

Security Affairs newsletter Round 370 by Pierluigi Paganini

Security Affairs

JUNE 20, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Spyware

Spyware DNS Surveillance Ransomware

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie.

Authentication

Authentication Surveillance Retail Banking

Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed

Security Affairs

MAY 26, 2022

Tails is a security and privacy-oriented Linux distribution, it is a portable operating system that protects against surveillance and censorship. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. .” reads the advisory published by project maintainers. Pierluigi Paganini.

Surveillance

Surveillance Passwords Hacking Encryption

Security Affairs newsletter Round 363 by Pierluigi Paganini

Security Affairs

MAY 1, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

DDOS

DDOS Surveillance Hacking Ransomware

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

QNAP QVR is a video surveillance solution of the Taiwanese vendor which is hosted on its NAS devices and doesn’t require any extra software. The post QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices appeared first on Security Affairs. To nominate, please visit:? Pierluigi Paganini.

Ransomware

Ransomware Internet Internet Firmware

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

APRIL 13, 2022

An attacker can hijack the robots to crash them into people and objects, use them to harass patients and staff, for surveillance purposes, to interfere with the delivery of critical patient medication, access patient medical records in violation of HIPAA, and more. To nominate, please visit:? Pierluigi Paganini.

Mobile

Mobile Hacking Firmware Surveillance

Security Affairs newsletter Round 361 by Pierluigi Paganini

Security Affairs

APRIL 17, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Data breaches

Data breaches Wireless Hacking Surveillance

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

This was recently highlighted by blog posts from Project Zero and Github Security Lab.” Even smaller surveillance vendors have access to 0-days, and vendors stockpiling and using 0-day vulnerabilities in secret pose a severe risk to the Internet.” ” concludes the report.

Spyware

Spyware Surveillance Firmware Internet

Security Affairs newsletter Round 371 by Pierluigi Paganini

Security Affairs

JUNE 26, 2022

SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022 Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer Flagstar Bank discloses a data breach that impacted 1.5

Small Business

Small Business Spyware Data breaches Surveillance

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. Follow me on Twitter: @securityaffairs and Facebook.

Firmware

Firmware Penetration Testing Manufacturing Authentication

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Spyware

Spyware Ransomware Malware Data breaches

The stealthy email stealer in the TA505 hacker group’s arsenal

Security Affairs

MAY 16, 2019

During the last month, our Threat Intelligence surveillance team spotted increasing evidence of an operation intensification against the Banking sector. Investigating the attacker infrastructure we noticed interesting information such as the information of the stolen emails through our Digital Surveillance systems.

Banking

Banking Surveillance Malware Accountability

DCRat, only $5 for a fully working remote access trojan

Security Affairs

MAY 9, 2022

The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution. “All DCRat marketing and sales operations are done through the popular Russian hacking forum lolz[.]guru,

Cybercrime

Cybercrime Malware Surveillance DDOS

In Search of… ISO 27001:2013, 27017:27017 & 27018:2019 Certification

Duo's Security Blog

FEBRUARY 1, 2021

ISO (International Organization for Standardization Certification) is responsible for issuing internationally-accepted standards for (seemingly) everything, from a standard for brewing tea (3103:2019) to ski boots (5355:2005) to the two-letter country code that can form a country’s domain address (3166) to standards for information security.

Manufacturing

Manufacturing Surveillance Information Security

Bouncing Golf cyberespionage campaign targets Android users in Middle East

Security Affairs

JUNE 19, 2019

” reads the blog post published by Trend Micro. The attackers appear to be focused o n stealing military-related information. . “We uncovered a cyberespionage campaign targeting Middle Eastern countries. We named this campaign “Bouncing Golf” based on the malware’s code in the package named “golf.””

Mobile

Mobile Malware Advertising Encryption

Apple fixed three new actively exploited zero-day vulnerabilities

Security Affairs

MAY 18, 2023

The flaw was reported by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. Despite Apple did not provide details about the attacks, the three issues were likely exploited in attacks conducted by nation-state actors or by surveillance firms.

Surveillance

Surveillance Hacking Engineering Mobile

How to Prepare for ISO 27001 Stage 1 and Stage 2 Audits: Expert Tips

The Ultimate ISO 27001 Checklist: Step-by-Step Guide to Simplify Your Compliance Journey

Trending Sources

ISO 42001 Certification: Step-by-Step Guide to Achieve

German authorities raid the offices of the FinFisher surveillance firm

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

EU officials were targeted with Israeli surveillance software

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Anomaly Six, a US surveillance firm that tracks roughly 3 billion devices in real-time

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Cytrox’s Predator spyware used zero-day exploits in 3 campaigns

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

3.5m IP cameras exposed, with US in the lead

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

Expert discloses details of 3 Tor zero-day flaws … new ones to come

Second-ever UEFI rootkit used in North Korea-themed attacks

Why Edward Snowden is urging users to stop using ExpressVPN?

Anonymous hacked other Russian organizations, some of the breaches could be severe

QNAP fixes multiple flaws, including a QVR RCE vulnerability

A consumer-grade spyware app found in check-in systems of 3 US hotels

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs newsletter Round 370 by Pierluigi Paganini

Fortinet warns of a spike in attacks against TBK DVR devices

Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed

Security Affairs newsletter Round 363 by Pierluigi Paganini

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs newsletter Round 361 by Pierluigi Paganini

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs newsletter Round 371 by Pierluigi Paganini

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

The stealthy email stealer in the TA505 hacker group’s arsenal

DCRat, only $5 for a fully working remote access trojan

In Search of… ISO 27001:2013, 27017:27017 & 27018:2019 Certification

Bouncing Golf cyberespionage campaign targets Android users in Middle East

Apple fixed three new actively exploited zero-day vulnerabilities

Stay Connected